Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#10078 closed task (fixed)

Make sure torbutton_do_new_identity() is still working properly in ESR24

Reported by: gk Owned by:
Priority: Medium Milestone:
Component: TorBrowserButton Version:
Severity: Keywords: ff24-esr, tbb-linkability, tbb-testcase, MikePerry201311R
Cc: mikeperry Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by gk)

We should make sure that all mechanisms to clear state between to sessions are still doing their job. E.g. clearing the SSL session Id should not work anymore with the current code as logout() is gone in Fx 21 (https://bugzilla.mozilla.org/show_bug.cgi?id=683262) and "security.enable_ssl2" is gone long ago (even "security.enable_ssl3" is gone, in Fx 23).

Child Tickets

Change History (17)

comment:1 Changed 6 years ago by gk

Description: modified (diff)

comment:2 Changed 6 years ago by gk

Status: newneeds_review

This should be done and work both for ESR24 and ESR17.

comment:3 Changed 6 years ago by gk

Component: TorbuttonTorBrowserButton

comment:4 Changed 6 years ago by gk

Cc: mikeperry added

comment:5 Changed 6 years ago by gk

Keywords: tbb-linkability added

comment:6 Changed 6 years ago by gk

Status: needs_reviewneeds_revision

Forgot that removeGroupedPrefs() needs an argument now.

comment:7 Changed 6 years ago by gk

Status: needs_revisionneeds_review

Improved patch, up for review.

comment:8 Changed 6 years ago by mikeperry

Keywords: MikePerry201311R added

comment:9 Changed 6 years ago by mikeperry

Status: needs_reviewneeds_information

Ok. I merged this. However, I wonder if we should also call nsINSSComponent.LogoutAuthenticatedPK11() (which clears temporary cert additions), and perhaps find some way to call PK11_LogoutAll()?

The first one seems a good idea. The second one might not matter (and I don't see an obvious way to do it from JS).

comment:10 Changed 6 years ago by mikeperry

(In case it wasn't clear, I was asking about the above because nsIDOMCrypto.logout() used to call those functions for us).

comment:11 Changed 6 years ago by gk

Good questions, and, yes, we should. Turns out we get both and clearing the SSL session cache for free. See the new patch attached to this bug.

comment:12 Changed 6 years ago by gk

Status: needs_informationneeds_review

comment:13 Changed 6 years ago by mikeperry

Resolution: fixed
Status: needs_reviewclosed

Merged. Nice find!

comment:14 Changed 6 years ago by gk

Keywords: tbb-testcase added
Note: See TracTickets for help on using tickets.