Closed
Bug 989139
Opened 10 years ago
Closed 10 years ago
[e10s] Unable to use NSS in content processes
Categories
(NSS :: Libraries, defect)
Tracking
(e10s+)
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
e10s | + | --- |
People
(Reporter: billm, Unassigned)
References
Details
We have a lot of tests that assert when run in content processes: ###!!! ASSERTION: Trying to initialize PSM/NSS in a non-chrome process!: 'Error', file /builds/slave/h-lx-d-00000000000000000000000/build/security/manager/ssl/src/nsNSSComponent.cpp, line 148 The most common place where this seems to happen is when a tests uses a <keygen> tag. What can we do about this? It happens in a bunch of reftests.
Flags: needinfo?(cviecco)
Comment 1•10 years ago
|
||
(In reply to Bill McCloskey (:billm) from comment #0) > We have a lot of tests that assert when run in content processes: > > ###!!! ASSERTION: Trying to initialize PSM/NSS in a non-chrome process!: > 'Error', file > /builds/slave/h-lx-d-00000000000000000000000/build/security/manager/ssl/src/ > nsNSSComponent.cpp, line 148 > > The most common place where this seems to happen is when a tests uses a > <keygen> tag. What can we do about this? It happens in a bunch of reftests. We actually do allow use of NSS in the content process in limited circumstances, e.g. for WebRTC. <keygen> and the existing window.crypto.* should be re-implemented for e10s so that they remote the crypto work to the parent process. The other major cause of this assertion is the site identity block implementation. The site identity block tries to calculate the security state of the connection used to load the page inside the child process, with the intent to serialize it and send it to the parent process. Obviously, it would be much better for the parent process to calculate the security state of the connection used to load the page itself, since it shouldn't be trusting security-critical information from the child process. Cert error overrides (about:certerror) are the other major thing that need to be changed, that I remember. Probably we just need to load about:certerror in a parent-process tab instead of an e10s tab.
Comment 2•10 years ago
|
||
Pretty much what bsmith said. There was some work in Bug 101019 that could be the start for keygen.
Flags: needinfo?(cviecco)
Updated•10 years ago
|
tracking-e10s:
--- → +
Reporter | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Comment 4•10 years ago
|
||
This is what we want. Functionality to be remoted in bug 582297
Resolution: DUPLICATE → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•