mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/security/certverifier
История
David Keeler 3961574fa2 bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin 
Modified from bug 1248818 comment 11:
Before this patch, if a user had a smart card (PKCS#11 device) with removable
slots, Firefox would launch a thread for each module and loop, calling
SECMOD_WaitForAnyTokenEvent to be alerted to any insertions/removals. At
shutdown, we would call SECMOD_CancelWait, which would cancel any waiting
threads. However, since that involved calling 3rd party code, we really had no
idea if these modules were behaving correctly (and, indeed, they often weren't,
judging by the shutdown crashes we were getting).
The real solution is to stop relying on PKCS#11, but since that's unlikely in
the near future, the next best thing would be to load these modules in a child
process. That way, misbehaving modules don't cause Firefox to hang/crash/etc.
That's a lot of engineering work, though, so what this patch does is avoids the
issue by never calling SECMOD_WaitForAnyTokenEvent (and thus we never have to
call SECMOD_CancelWait, etc.). Instead, every time Firefox performs an operation
that may be affected by a newly added or removed smart card, it first has NSS
refresh its view of any removable slots. This is similar to how we ensure the
loadable roots module has been loaded (see bug 1372656).

MozReview-Commit-ID: JpmLdV7Vvor

--HG--
extra : rebase_source : d3503d19fa9297106d661a017a38c30969fa39b4
 		2017-09-28 14:27:21 -07:00
..
tests/gtest Bug 1366511: Part 3 - Add mozilla::ToResult() to convert other result types to equivalent Result. r=nbp,ehsan 2017-08-29 21:28:31 -07:00
BRNameMatchingPolicy.cpp
BRNameMatchingPolicy.h
BTInclusionProof.h Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler 2017-08-18 09:50:49 +02:00
BTVerifier.cpp Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler 2017-08-18 09:50:49 +02:00
BTVerifier.h Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler 2017-08-18 09:50:49 +02:00
Buffer.cpp Bug 1343202 - Move Buffer definition into its own file; r=keeler,rbarnes 2017-08-17 09:23:29 +02:00
Buffer.h Bug 1343202 - Move Buffer definition into its own file; r=keeler,rbarnes 2017-08-17 09:23:29 +02:00
CTDiversityPolicy.cpp Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler 2017-01-09 08:22:28 +02:00
CTDiversityPolicy.h Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler 2017-01-09 08:22:28 +02:00
CTKnownLogs.h bug 1349312 - part 1/2: patch CT implementation to include debug-only test logs r=Cykesiopka,jcj 2017-04-19 14:02:26 -07:00
CTLog.h Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler 2017-01-09 08:22:28 +02:00
CTLogVerifier.cpp bug 1357226 - work around a library inefficiency with EC keys when verifying ECDSA signatures r=fkiefer,jcj 2017-04-11 14:11:28 -07:00
CTLogVerifier.h bug 1357226 - work around a library inefficiency with EC keys when verifying ECDSA signatures r=fkiefer,jcj 2017-04-11 14:11:28 -07:00
CTObjectsExtractor.cpp
CTObjectsExtractor.h
CTPolicyEnforcer.cpp Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler 2017-01-09 08:22:28 +02:00
CTPolicyEnforcer.h Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler 2017-01-09 08:22:28 +02:00
CTSerialization.cpp Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler 2017-08-18 09:50:49 +02:00
CTSerialization.h
CTUtils.h Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler 2017-08-18 09:50:49 +02:00
CTVerifyResult.cpp
CTVerifyResult.h
CertVerifier.cpp bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin 2017-09-28 14:27:21 -07:00
CertVerifier.h bug 1400913 - back out the functionality changes from bug 1364159 (but keep the test) r=jcj 2017-09-18 10:28:58 -07:00
ExtendedValidation.cpp Bug 1392852 - Disable EV treatment for old StartCom root certificates r=keeler 2017-10-16 16:14:06 -07:00
ExtendedValidation.h bug 1372656 - load loadable roots on a background thread r=Cykesiopka,jcj 2017-06-08 16:10:00 -07:00
MultiLogCTVerifier.cpp
MultiLogCTVerifier.h
NSSCertDBTrustDomain.cpp bug 1406396 - work around NSS utils potentially loading spurious root cert modules r=mgoodwin 2017-10-13 11:27:30 -07:00
NSSCertDBTrustDomain.h bug 1400913 - back out the functionality changes from bug 1364159 (but keep the test) r=jcj 2017-09-18 10:28:58 -07:00
OCSPCache.cpp Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby 2017-01-12 17:38:48 +01:00
OCSPCache.h Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby 2017-01-12 17:38:48 +01:00
OCSPRequestor.cpp Bug 870698 - Part 1: Replace Assign("") with AssignLiteral(""). r=erahm 2017-09-03 22:12:56 -07:00
OCSPRequestor.h Bug 1330365 - Use mozilla::TimeStamp instead of NSPR's PRIntervalTime for OCSP timeout code. r=keeler 2017-01-14 13:12:43 +08:00
OCSPVerificationTrustDomain.cpp bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
OCSPVerificationTrustDomain.h bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj 2017-04-03 17:17:38 -07:00
SignedCertificateTimestamp.cpp Bug 1343202 - Move Buffer definition into its own file; r=keeler,rbarnes 2017-08-17 09:23:29 +02:00
SignedCertificateTimestamp.h Bug 1343202 - Move Buffer definition into its own file; r=keeler,rbarnes 2017-08-17 09:23:29 +02:00
SignedTreeHead.h
StartComAndWoSignData.inc
moz.build bug 1398932 - add a preference for enabling the sqlite-backed NSS databases r=Cykesiopka,jcj 2017-09-06 14:31:27 -07:00