Open
Bug 51408
Opened 25 years ago
Updated 3 years ago
Stan: NES/SSL should remember that client refused to authenticate
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(Not tracked)
ASSIGNED
People
(Reporter: nelson, Unassigned)
Details
This was originally bugsplat bug 326792
If you have an SSL server configured with access control that
requests, but does not require, client authentication, and the
client actually does authenticate, then the client's cert is kept
in the the cache of client certs used by the server, and the user
is not requested to re-authenticate with each new connection.
But if the user does NOT authenticate, then the user will be asked
to authenticate again with each new request to the server.
We need a way to discern between
"We haven't asked the user to authenticate before" and
"We asked the client to authenticate, and it refused."
and make this info available to the app that's using the ssl lib.
The app should make the do/don't decisions based on that info
because it's policy info.
------- Additional Comments From robm 10/01/98 15:08 -------
This sounds like a good enhancement to me. When you get to it, let
me know which NSS calls are affected, and I'll see about using them
Reporter | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•25 years ago
|
||
Change target fix version for all "stan" RFEs to "Future".
Target Milestone: --- → Future
Reporter | ||
Comment 4•20 years ago
|
||
Thomas, You're welcome to try to help with this.
Before you do too much with it, first read bug 135261 to see how the
problem has changed since this bug was filed.
Then I suggest you propose a solution here (before doing much coding),
and if the design idea seems good, then proceed with a code contribution.
An enhancement in this area might be taken in NSS 3.11 or 3.12.
Reporter | ||
Comment 5•19 years ago
|
||
I think this was implemented, and is enabled by the choice of a particular
setting for the "required" flag. I need to double-check.
Target Milestone: Future → ---
Reporter | ||
Updated•19 years ago
|
QA Contact: wtchang → libraries
Reporter | ||
Updated•16 years ago
|
Assignee: nelson → nobody
Any update? The current behavior is very annoying. I'm asked about a certificate every time I open https://tracker.debian.org
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•