Closed Bug 696976 Opened 11 years ago Closed 7 months ago

Client certificate UI blocks the SSL thread / socket transport thread

Categories

(Core :: Security: PSM, defect, P2)

defect

Tracking

()

RESOLVED FIXED
104 Branch
Tracking Status
firefox104 --- fixed

People

(Reporter: briansmith, Assigned: keeler)

References

(Depends on 1 open bug, Blocks 3 open bugs, Regressed 1 open bug)

Details

(Whiteboard: [psm-backlog][psm-blocked])

Attachments

(2 files, 2 obsolete files)

We present the client authentication UI and wait for the user to dismiss it synchronously in our client auth data hook (nsNSS_SSLGetClientAuthData in nsNSSIOLayer.cpp). Instead, we should dispatch an event to launch the UI and then return SECWouldBlock. libssl will wait for us to restart the handshake after the user has chosen his/her certificate.

This depends on one or more bugs in libssl being fixed.
Whiteboard: [psm-backlog]
Priority: -- → P3
Priority: P3 → P2
Whiteboard: [psm-backlog] → [psm-backlog][psm-blocked]
Attachment #9276354 - Attachment is obsolete: true
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #9276538 - Attachment description: WIP: Bug 696976 - async client auth (main process) → WIP: Bug 696976 - async client auth
Attachment #9276537 - Attachment description: WIP: Bug 696976 - move TLS client auth certificate selection implementation to its own file r?jschanck → Bug 696976 - move TLS client auth certificate selection implementation to its own file r?jschanck
Attachment #9276538 - Attachment description: WIP: Bug 696976 - async client auth → Bug 696976 - asynchronously handle client auth certificate requests from TLS servers r?jschanck!
Attachment #9276353 - Attachment is obsolete: true
Attachment #9276537 - Attachment description: Bug 696976 - move TLS client auth certificate selection implementation to its own file r?jschanck → Bug 696976 - move TLS client auth certificate selection implementation to its own file r?jschanck!
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4b0ec373bcdd
move TLS client auth certificate selection implementation to its own file r=necko-reviewers,kershaw,jschanck
https://hg.mozilla.org/integration/autoland/rev/8f559e1cf746
asynchronously handle client auth certificate requests from TLS servers r=necko-reviewers,ipc-reviewers,nika,kershaw,rmf
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → 104 Branch
You need to log in before you can comment on or make changes to this bug.