Due to design constraints, it is difficult for osclientcerts to properly
indicate whether or not each known key supports RSA-PSS. Ideally such a
determination would be made close to when a particular key is going to be used,
but due to the design of PKCS#11 and NSS' tight coupling to it, osclientcerts
would have to make this determination when searching for all known keys, which
has been shown to be prohibitively slow on Windows and results in unexpected
dialogs on macOS.
Thus, previously osclientcerts simply assumed all RSA keys supported RSA-PSS.
This has resulted in handshake failures when a server indicates that it accepts
RSA-PSS signatures.
This patch instead makes RSA-PSS support configurable via a pref
(security.osclientcerts.assume_rsa_pss_support). If the pref is true,
osclientcerts assumes all RSA keys support RSA-PSS. If it is false, it assumes
no RSA keys support RSA-PSS.
Differential Revision: https://phabricator.services.mozilla.com/D175966
When necko makes a speculative connection, the peer may ask for a client
authentication certificate. This patch makes it so that when this happens,
no certificate selection UI will be shown until the connection is claimed (as
in, it is no longer merely speculative).
Differential Revision: https://phabricator.services.mozilla.com/D175528
If a TLS server asks for a client authentication certificate, no dialog asking
the user to select one should be shown until the server's certificate verifies
successfully.
Differential Revision: https://phabricator.services.mozilla.com/D175170
This change does the following:
- Replace slices for serial and subject with offsets. This trades space
for a pointer, a length and a relocation (which on 64-bits Linux is an
extra 24 bytes), with runtime computation based on a pair (offset,
length), that are small enough that they fit in 8-bits integers.
- "Inline" sha1 and md5 in Root as fixed-sized arrays instead of slices.
That removes an indirection and saves the size of a fat pointer + the
corresponding relocations.
- Make BUILTINS and ROOT_LIST_LABEL arrays rather than slices, which
also saves a relocation each.
Overall this saves 24.6KB on my local Linux x64 build.
Differential Revision: https://phabricator.services.mozilla.com/D175191
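As an added illustration of the layout change described in the commit message above (example code written for this page, not the `Root` struct from mozilla-central's builtins crate), the following contrasts a "before" shape built from `&'static [u8]` fat pointers with an "after" shape that locates serial and subject by an (offset, length) pair into the certificate bytes and stores the SHA-1 and MD5 digests inline. The field names, the sample bytes standing in for a DER certificate, and the assumption that the offsets are relative to the root's own DER certificate are all assumptions made here.

```rust
use std::mem::size_of;

/// Layout before the change (assumed shape, not mozilla-central's actual
/// `Root` struct): every field is a `&'static [u8]` fat pointer, i.e. a
/// pointer plus a length, and each pointer into static data also costs a
/// dynamic relocation entry in the library on top of its bytes in the struct.
pub struct RootBefore {
    pub der_cert: &'static [u8],
    pub serial: &'static [u8],
    pub subject: &'static [u8],
    pub sha1: &'static [u8],
    pub md5: &'static [u8],
}

/// Layout after the change: serial and subject are recovered at runtime from
/// an (offset, length) pair into `der_cert` that fits in two `u8`s, and the
/// digests are fixed-size arrays stored inline, so only one pointer remains.
pub struct RootAfter {
    pub der_cert: &'static [u8],
    pub serial_offset: u8,
    pub serial_len: u8,
    pub subject_offset: u8,
    pub subject_len: u8,
    pub sha1: [u8; 20],
    pub md5: [u8; 16],
}

impl RootAfter {
    /// Recompute the serial slice from the stored offset and length.
    pub fn serial(&self) -> &[u8] {
        let start = usize::from(self.serial_offset);
        &self.der_cert[start..start + usize::from(self.serial_len)]
    }

    /// Recompute the subject slice from the stored offset and length.
    pub fn subject(&self) -> &[u8] {
        let start = usize::from(self.subject_offset);
        &self.der_cert[start..start + usize::from(self.subject_len)]
    }
}

/// Constructed sample bytes standing in for a root's DER certificate (not a
/// real certificate): the serial sits at bytes 2..5, the subject at 8..14.
pub static SAMPLE_DER: [u8; 16] = [
    0x30, 0x0e, 0xaa, 0xbb, 0xcc, 0x00, 0x00, 0x00,
    b'S', b'U', b'B', b'J', b'E', b'C', 0x00, 0x00,
];

/// One root in the compact layout, written the way a generated table entry
/// would be: all data is static, so nothing is computed until lookup time.
pub static SAMPLE_ROOT: RootAfter = RootAfter {
    der_cert: &SAMPLE_DER,
    serial_offset: 2,
    serial_len: 3,
    subject_offset: 8,
    subject_len: 6,
    sha1: [0x11; 20],
    md5: [0x22; 16],
};

/// Struct bytes per root as (before, after). Relocations are not visible to
/// `size_of`; the "before" shape needs five (one per fat pointer into static
/// data), the "after" shape needs one.
pub fn bytes_per_root() -> (usize, usize) {
    (size_of::<RootBefore>(), size_of::<RootAfter>())
}

fn main() {
    let (before, after) = bytes_per_root();
    println!("struct bytes per root: before={} after={}", before, after);
    println!(
        "serial={:02x?} subject={:?}",
        SAMPLE_ROOT.serial(),
        std::str::from_utf8(SAMPLE_ROOT.subject()).unwrap()
    );
}
```

On a 64-bit target `bytes_per_root()` reports 80 versus 56 bytes, but the larger part of the saving the commit message quotes is outside the struct: each `&'static [u8]` that points into static data needs a dynamic relocation so the address can be patched when the library loads at a randomized base, and on x86-64 ELF each such `R_X86_64_RELATIVE` entry is 24 bytes. `readelf -r` on the built library shows those entries, which is how a reduction like the one described can be confirmed independently of `size_of`.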
Certificate verification can take a while, which is why it runs in a separate
thread pool. At shutdown, the thread pool gets joined. To make this fast,
certificate verification tasks should check for shutdown before doing
time-consuming operations and return early if appropriate.
Differential Revision: https://phabricator.services.mozilla.com/D175163
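The shutdown check the commit message above describes, as an added example (written for this page; PSM's actual certificate verification code is C++ and this is not it): a task shares an atomic shutdown flag with whoever owns the thread pool, re-reads it before each expensive stage, and returns early so that joining the pool does not wait out the slow steps. The three stages, their simulated durations, and the `after_stage` hook are assumptions made for the illustration.

```rust
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
use std::thread;
use std::time::Duration;

/// Why a task returned without a verification result.
#[derive(Debug, PartialEq, Eq)]
pub enum Abort {
    /// Shutdown was observed after `completed_stages` expensive stages ran.
    ShuttingDown { completed_stages: usize },
}

/// A verification task sharing a shutdown flag with the pool owner
/// (hypothetical type, not PSM's own job type).
pub struct VerifyTask {
    shutdown: Arc<AtomicBool>,
}

impl VerifyTask {
    pub fn new(shutdown: Arc<AtomicBool>) -> Self {
        VerifyTask { shutdown }
    }

    /// Runs three simulated stages (decode the chain, build the path to a
    /// trust anchor, revocation checks that may touch the network), checking
    /// the flag before each one. `after_stage` is called with the stage number
    /// once that stage finishes, so a caller or test can flip the flag at a
    /// known point. Returns the number of stages completed on success.
    pub fn run_with_hook(&self, after_stage: impl Fn(usize)) -> Result<usize, Abort> {
        let mut completed = 0;
        for &(stage, work_ms) in &[(1usize, 5u64), (2, 20), (3, 50)] {
            // Bail out before starting expensive work if the pool is being
            // torn down; the join in the shutdown path then returns promptly.
            if self.shutdown.load(Ordering::Acquire) {
                return Err(Abort::ShuttingDown { completed_stages: completed });
            }
            thread::sleep(Duration::from_millis(work_ms)); // simulated work
            completed = stage;
            after_stage(stage);
        }
        Ok(completed)
    }

    pub fn run(&self) -> Result<usize, Abort> {
        self.run_with_hook(|_| {})
    }
}

fn main() {
    let shutdown = Arc::new(AtomicBool::new(false));
    // Stand-in for the thread pool: one worker thread per task.
    let workers: Vec<_> = (0..4)
        .map(|_| {
            let task = VerifyTask::new(Arc::clone(&shutdown));
            thread::spawn(move || task.run())
        })
        .collect();
    // Request shutdown almost immediately, then join the pool; tasks that
    // have not yet started their slow stages return Err quickly.
    thread::sleep(Duration::from_millis(10));
    shutdown.store(true, Ordering::Release);
    for w in workers {
        println!("{:?}", w.join().unwrap());
    }
}
```

The flag is read with `Acquire` and written with `Release` so that a worker observing `true` also sees whatever the shutdown path wrote before setting it; the check is deliberately placed before each stage rather than only at task start, because the expensive stages are where a join would otherwise stall.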
On Linuxen without getrandom(), Rust (and Firefox broadly) uses /dev/urandom
as a fallback. Rust uses it for a few things, notably hashmaps... and will
panic if it can't use it.
Differential Revision: https://phabricator.services.mozilla.com/D174336
This flag is not supported by most event targets and can have unexpected
side effects (namely spinning a nested event loop). All consumers have
been replaced with a new function which is more explicit about this side
effect.
Differential Revision: https://phabricator.services.mozilla.com/D173985