> > > Mark Hobbs wrote: > > > >> Thanks for this Bob, unfortunately the behaviour still remains > > > >> unchanged, as > > > >> soon as I go to the login page of my Yahoo account I get a > > > smartcard PIN > > > >> request screen, which is strange as the Yahoo login is not > even SSL. > > > >> > > > >> I am not convinces the behaviour was the same with FireFox 1.07 > > > >> so I'll try > > > >> to pop that back on another machine and see. > > > >> > > > > > > > > Right, I have tried exactly the same smartcard token using > > FireFox 1.07 > > > > (admittedly using Windows 98 but with the same PKCS11 driver > > > for FF) but I > > > > neither get the timeout (after approximately 10 minutes of > > > inactivity on a > > > > client authenticated SSL site) or the need to enter my > > > smartcard password as > > > > soon as FireFox browses to a normal SSL site (no client > > authentication). > > > > > > > > As far as I can see things look to have changed within FireFox > > > V1.5. Does > > > > anyone with more detailed knowledge of FF know if this is > > likely, it is > > > > certainly a backwards step if true? > > > > > > > The only addition in FF 1.5 that is smart card related is the > smart card > > > monitoring thread. FF starts up a thread looking for token > insertions an > > > removals. There may be some bad interaction between the PKCS > #11 module > > > and the insertion/removal detection code. It may be a race > condition in > > > your PKCS #11 module. If the PKCS #11 module advertises itself as > > > thread-safe, then the problem could be in FF (NSS is supposed > to protect > > > the token against multiple entries with locks). If the token does not > > > advertise itself as thread safe, then it's like a problem in > > the module). > > > > > > If FF 1.07 does not have the behavior, then it is not a configuration > > > issue like I surmised in my previous post. > > > > > > bob > > > > > Thanks Bob. > > I've forwarded this to our support contact to see what they come > > back with. > > It would be good to know where the fault lies so we can progress it to a > > conclusion.
I have a response from the suppliers of the PKCS11 module and they have confirmed that their driver is thread safe and that, in their opinion, the problem is most likely within FF1.5 rather than the PKCS11 driver. It has to be said that they can only repeat the "uneccessary PIN request" part of the problems I have seen and not the repeated "expiry" type PIN requests. I assume that the best thing to do now is log this as a potential bug on the FF bug list ? > > I've also now tested this with Mozilla 1.7.12 and this behalves correctly. > What I don't know is if Mozilla 1.7.12 is more equivalent to > FF1.07 or FF1.5 > in respect of smartcard handling. > > > > > > > _______________________________________________ > > dev-tech-crypto mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-tech-crypto > > _______________________________________________ > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
