[chromium-bugs] Issue 42073 in chromium: Chrome interaction with smart cards in Linux


chro...@googlecode.com

Apr 20, 2010, 9:17:11 AM
to chromi...@chromium.org
Status: Unconfirmed
Owner: ----
Labels: OS-Linux Area-Undefined Type-Bug

New issue 42073 by xleon.mail: Chrome interaction with smart cards in Linux
http://code.google.com/p/chromium/issues/detail?id=42073

Chrome Version (from the about:version page): 5.0.382.0 (Developer Build
44999) Ubuntu
Is this the most recent version: Yes
OS + version: Ubuntu Karmic Koala (9.10)
CPU architecture (32-bit / 64-bit): 32-bit
Window manager: Gnome
URLs (if relevant):
Behavior in Linux Firefox: OK
Behavior in Windows Chrome (if you have access to it): OK

What steps will reproduce the problem?
1. Enter a website which requests a user certificate (which I have stored
in a PKCS#11 compliant smart card)

What is the expected result?
The browser asks you for the pin of the smart card and the authentication
is successful.

What happens instead?
The browser does not ask for the pin and the authentication fails.

Some background and debugging...

1. I have configured NSS adding the corresponding PKCS#11 modules. Attached
the output (modutil-output.txt) of the command "modutil -list -dbdir
.pki/nssdb" which lists the crypto modules installed. You can see the "3.
DNI-e PKCS#11 Module" which is the one used by firefox to make my card
work. So NSS is configured correctly in principle.

2. When I try to list the certificates through NSS I use the following
command:
Command: certutil -L -d .pki/nssdb/
Output: certutil-BAD-output.txt

This command shows the certificates stored in the database... As you can
see, the output is empty (no certificates returned).

3. I try to list the certificates through NSS specifying a specific crypto
token (instead of the default which is "internal") with the option -h:

Command: certutil -L -d .pki/nssdb/ -h "all"
Output: certutil-OK-output.txt

This command shows the certificates stored in the database specifying the
token to look at. As you can see, NOW the certutil command asks for the pin
of my smartcard and shows the certificates stored in there.

I guess chrome asks for the default token to NSS and, as it does not return
any certificate, the authentication fails.

If you need any more information which could point you to the right
direction, I would be happy to provide it.

Attachments:
modutil-output.txt 1.1 KB
certutil-BAD-output.txt 258 bytes
certutil-OK-output.txt 567 bytes

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

chro...@googlecode.com

Apr 22, 2010, 4:45:33 PM
to chromi...@chromium.org
Updates:
Owner: w...@chromium.org

Comment #1 on issue 42073 by ev...@chromium.org: Chrome interaction with
Assigning to the NSS expert.

chro...@googlecode.com

May 24, 2010, 6:14:17 AM
to chromi...@chromium.org

Comment #3 on issue 42073 by ikersagasti: Chrome interaction with smart
Bug confirmed in Ubuntu 10.04

~/.pki/nssdb$ modutil -list -dbdir .

Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded

slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services

slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB

2. Root Certs
library name: ./libnssckbi.so
slots: 1 slot attached
status: loaded

slot: NSS Builtin Objects
token: Builtin Object Token

3. izenpe
library name: /usr/lib/opensc-pkcs11.so
slots: 16 slots attached
status: loaded

slot: Gemplus GemPC Twin 00 00
token: IZENPE-TSE

slot: Gemplus GemPC Twin 00 00
token:

slot: Gemplus GemPC Twin 00 00
token:

slot: Gemplus GemPC Twin 00 00
token:

The browser is NOT asking for the PIN and the authentication fails.

chro...@googlecode.com

May 24, 2010, 5:08:19 PM
to chromi...@chromium.org

Comment #5 on issue 42073 by ikersagasti: Chrome interaction with smart
Google Chrome version was:

Google Chrome 6.0.408.1 (Build oficial 47574) dev

chro...@googlecode.com

May 26, 2010, 7:45:48 AM
to chromi...@chromium.org

Comment #6 on issue 42073 by tuuleh...@gmail.com: Chrome interaction with

"I guess there is still few people using smart cards in linux?"

Most Estonian people are using it, since it's our national ID card to
identify yourself in various portals.

https://id.eesti.ee/idtrac/wiki/ArendajaSissejuhatus
https://id.eesti.ee/idtrac/wiki/SysteemiKirjeldus

chro...@googlecode.com

May 26, 2010, 7:49:52 AM
to chromi...@chromium.org

Comment #7 on issue 42073 by tuuleh...@gmail.com: Chrome interaction with

...and linux is becoming more and more popular here, because it's free.

chro...@googlecode.com

May 26, 2010, 8:25:54 AM
to chromi...@chromium.org

Comment #8 on issue 42073 by ain.tohvri: Chrome interaction with smart

Most agreed with above [comment(s)#c6].

Furthermore, similar eID smart cards are in use in Finland, Belgium,
Portugal and Lithuania. There are already eGov establishments that work
across these EU countries and there's no reason it shouldn't make it into
the official European eID standard.

Even though this deals with Linux support only, Mac OS X support tackles
similar issues, see
[http://code.google.com/p/chromium/issues/detail?id=44075 issue no 44075] I
reported some time ago.

chro...@googlecode.com

May 26, 2010, 8:33:57 AM
to chromi...@chromium.org

Comment #9 on issue 42073 by ain.tohvri: Chrome interaction with smart

Most agreed with above comments.

Furthermore, similar eID smart cards are in use in Finland, Belgium,
Portugal and Lithuania. There are already eGov establishments that work
across these EU countries and there's no reason it shouldn't make it into
the official European eID standard.

Even though this deals with Linux support only, Mac OS X support tackles
similar issues, see http://code.google.com/p/chromium/issues/detail?id=44075
I reported some time ago.

chro...@googlecode.com

Jun 22, 2010, 2:10:02 PM
to chromi...@chromium.org
Updates:
Owner: david...@chromium.org
Cc: w...@chromium.org
Labels: -Mstone-6 Mstone-7

Comment #12 on issue 42073 by w...@chromium.org: Chrome interaction with

(No comment was entered for this change.)

chro...@googlecode.com

Jun 22, 2010, 2:26:34 PM
to chromi...@chromium.org

Comment #13 on issue 42073 by xleon.mail: Chrome interaction with smart

Which kind of help are you looking for in order to get it done for mstone6?

chro...@googlecode.com

Aug 21, 2010, 6:05:11 AM
to chromi...@chromium.org
Updates:
Status: Started
Labels: -Mstone-7 Mstone-8

Comment #15 on issue 42073 by david...@chromium.org: Chrome interaction

Started hooking up callback in http://codereview.chromium.org/3186021/show

Moving this to Mstone-8. I'll either make CLs with the other unfinished
branches (started over several times), or (hopefully) just finish a first
revision and put it up for review at some point.

If I'm not the one to finish this, I'll document some stuff: The primary
difficulty here is that NSS expects a blocking callback for the password
function, and it is not always easy to predict where NSS will attempt to
authenticate. Because we do not place every SSL connection on a worker
thread, we cannot block the IO thread on the UI thread for each of these.
As such, each potential call will need to be specially handled, usually via
one of two approaches:

1. Move the piece that calls the function onto a worker thread and use a
callback which blocks on the UI thread.

2. If we can predict which slot will be authenticated, we can query
ourselves whether authentication will be required, asynchronously request a
password ourselves, and pass to PK11_CheckUserPassword ourselves. This will
require us to reimplement the (trivial) retry loop that NSS does. (I
believe in PK11_DoPassword?)

Authenticating to list certificates for "unfriendly" stores in NSS will be
particularly difficult; that code currently runs within the
GetClientDataHook callback in NSS's SSL implementation. Long-term, we
probably want to move the certificate filtering completely out of the
socket implementation, but, short-term, it would be good to avoid making
the SSLClientSocketNSS state machine different on Linux from the other two
platforms, so I think it's best to simply not support it for now.

For friendly certificates, we should only require authenticating after
certificate selection to obtain the private key. That can be done
browser-side before continuing the request instead of within the
GetClientDataHook callback.

A final subtlety lies in stores with a protected authentication path. To
authenticate to those, call C_Login with NULL parameters. The call blocks
until the user has made an authentication attempt. Since
PK11_CheckUserPassword will automatically NULL arguments to C_Login for
protected authentication, we must correctly detect them to avoid blocking.
The first implementation can probably fail in that case and not support
them. Adding support later should be fairly simple; instead of displaying a
dialog, spawn a worker thread to do PK11_CheckUserPassword while displaying
a dialog instructing the user to authenticate to the smart card. In the
blocking callback codepath, one also calls PK11_CheckUserPassword and
returns one of two magic strings as the password to control the retry loop.

(There's also the nuisance that one of the instances where we will
authenticate (keygen) does not currently have enough information to display
a tab-constrained dialog; WebKit never passes us the relevant tab
responsible. That interface should be fixed anyway, as it currently blocks
the renderer. The first implementation will probably just open a normal
dialog for simplicity.)
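
Added example, not part of the comment above or of Chromium's code: a self-contained Python model of approach 2 (check whether login is needed, refuse protected-authentication-path tokens before any call that would block, prompt asynchronously, run a bounded retry loop). `FakeSlot`, `ensure_logged_in`, `run_demo` and the attempt cap are assumptions of this example; `check_user_password` only stands in for the role PK11_CheckUserPassword plays in the comment.

```python
import asyncio
from dataclasses import dataclass
from enum import Enum


class Check(Enum):
    """Outcomes of one PIN check that the retry loop has to tell apart."""
    OK = 1
    BAD_PIN = 2   # wrong PIN, another attempt is still allowed
    FAILED = 3    # token locked, removed, or another hard error


@dataclass
class FakeSlot:
    """Constructed stand-in for a PKCS#11 slot; this is not an NSS type."""
    name: str
    pin: str = "1234"
    needs_login: bool = True
    logged_in: bool = False
    protected_auth_path: bool = False  # PIN is typed on the reader's keypad
    tries_left: int = 3                # the card locks when this reaches zero

    def check_user_password(self, candidate):
        if self.tries_left == 0:
            return Check.FAILED
        if candidate == self.pin:
            self.logged_in, self.tries_left = True, 3
            return Check.OK
        self.tries_left -= 1
        return Check.BAD_PIN if self.tries_left else Check.FAILED


class ProtectedAuthPathUnsupported(Exception):
    """Raised instead of making a login call that would block on the keypad."""


async def ensure_logged_in(slot, ask_pin, max_attempts=2):
    """Decide up front, prompt without blocking, and run our own retry loop.

    max_attempts is an assumption of this example: it stays below the card's
    own limit so that a mistyped PIN in the browser cannot lock the card.
    """
    if not slot.needs_login or slot.logged_in:
        return True
    if slot.protected_auth_path:
        raise ProtectedAuthPathUnsupported(slot.name)
    for attempt in range(max_attempts):
        pin = await ask_pin(slot.name, retry=attempt > 0)
        if pin is None:                # user dismissed the dialog
            return False
        result = slot.check_user_password(pin)
        if result is Check.OK:
            return True
        if result is Check.FAILED:
            return False
    return False


async def _demo(answers, slot):
    ticks, prompts = 0, []

    async def ask_pin(token_name, retry):
        prompts.append((token_name, retry))
        await asyncio.sleep(0.02)      # stands in for the user typing
        return answers.pop(0) if answers else None

    async def other_io():              # unrelated work sharing the same loop
        nonlocal ticks
        while True:
            await asyncio.sleep(0.005)
            ticks += 1

    ticker = asyncio.create_task(other_io())
    try:
        ok = await ensure_logged_in(slot, ask_pin)
    finally:
        ticker.cancel()
    return ok, prompts, ticks


def run_demo(answers, slot):
    """Return (logged_in, prompts_shown, ticks_of_other_work_during_login)."""
    return asyncio.run(_demo(list(answers), slot))


if __name__ == "__main__":
    print(run_demo(["0000", "1234"], FakeSlot("Example Token")))
```

The tick counter shows that other work on the same loop keeps running while the PIN prompt is outstanding, which is the property the blocking NSS password callback cannot give the IO thread.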

chro...@googlecode.com

Oct 8, 2010, 10:57:57 PM
to chromi...@chromium.org

Comment #17 on issue 42073 by w...@chromium.org: Chrome interaction with

davidben: I suggest that you talk to abarth about the WebKit changes.

But, this bug is not about <keygen>. This is about adding the NSS
password dialog on Linux.

chro...@googlecode.com

Oct 8, 2010, 11:21:56 PM
to chromi...@chromium.org

Comment #18 on issue 42073 by david...@chromium.org: Chrome interaction

Right. One of the places where we'll need the NSS password dialog is
<keygen>, but that's difficult because of the way WebKit implements keygen;
it doesn't give Chromium enough information to hook the password dialog
properly.

chro...@googlecode.com

Nov 17, 2010, 2:16:59 AM
to chromi...@chromium.org
Updates:
Status: Assigned
Owner: ma...@chromium.org
Cc: david...@chromium.org
Labels: -Mstone-X -Pri-2 -HelpWanted Mstone-10 Pri-1

Comment #19 on issue 42073 by w...@chromium.org: Chrome interaction with

(No comment was entered for this change.)

chro...@googlecode.com

Jan 24, 2011, 5:23:49 PM
to chromi...@chromium.org

Comment #25 on issue 42073 by ma...@chromium.org: Chrome interaction with

There are still a few parts left:

1) Handle devices which use protected auth path (keypad on the device
itself).
2) UI for choosing which device to use for creating/importing a cert/key.
3) Prefs UI for configuring devices.

They don't all necessarily need to get done in the same milestone.

chro...@googlecode.com

Jan 24, 2011, 6:33:23 PM
to chromi...@chromium.org

Comment #28 on issue 42073 by sco.x...@gmail.com: Chrome interaction with

I think that something is still missing. I tried to add opensc library in
pkcs11.txt in ~/.pki/nssdb (using modutil has no success and I don't know if
it's possible to add device with certutil). Now when I run chromium I see
in certificate manager personal certificates which are stored in smartcard
device. But when I open page with cert authorization I'm not asked for PIN
and authorization failed. If I lock nssdb with password everything is OK
(one issue is that if I import new certificate on hard drive, I have to
restart chromium - without restart authorization failed too...).

chro...@googlecode.com

Jan 25, 2011, 10:44:58 AM
to chromi...@chromium.org

Comment #30 on issue 42073 by xleon.m...@gmail.com: Chrome interaction with

Last chrome dev: 10.0.642.2 dev

I'm the original reporter of the bug. I tested it but unfortunately it
doesn't work for me. I have added the corresponding pkcs#11 lib with the
following command:

modutil -dbdir sql:$HOME/.pki/nssdb -add "My Card" -libfile /usr/lib/opensc-pkcs11.so

I also added the corresponding certificate authorities...

In the certificate manager, under personal certificate, it only shows an
intermediate certificate authority (not my personal certificates). If I try
to export this certificate, it asks me for the PIN but it fails to export.
After that, my personal certificates are shown correctly (sign and auth)
but I cannot export them. Besides, every time I try to login to a webpage
which asks for a certificate, the page does not load and hangs... nothing
else.

I already tried to delete the nssdb and recreate it in case I messed the db
last time.

The smart card is from the Spanish government in case somebody else is in
the same situation.

Any hint on what info do you need to debug this?

chro...@googlecode.com

Jan 25, 2011, 11:17:24 AM
to chromi...@chromium.org

Comment #31 on issue 42073 by w...@chromium.org: Chrome interaction with

xleon.m...: thanks for your report. These two reports confirmed that
although the code can handle the NSS software crypto device (when
protected with a password), it still cannot handle a real smart card.

The best way for us to debug this is to get a real smart card. mattm
and I will look into that.

chro...@googlecode.com

Jan 28, 2011, 8:48:58 AM
to chromi...@chromium.org

Comment #33 on issue 42073 by screa...@gmail.com: Chrome interaction with

I'd love to help you testing.

I am running 10.0.650.0 (72596) on Ubuntu 10.10. My Estonia ID card is
being recognized by my system without any problems. Works in Firefox
(Though installed some Firefox plugin
http://habreffect.ru/files/1c4/ea14a235e/screenshot1.png) but doesn't work
in Chromium.

Let me know if I can provide you any information.

chro...@googlecode.com

Feb 4, 2011, 1:05:47 AM
to chromi...@chromium.org

Comment #34 on issue 42073 by drisac...@gmail.com: Chrome interaction with

I tried with Chromium 11.0.658.0 (73582) Ubuntu 10.04, Gemplus reader,
CoolKey middleware, and a US Dept of Defense Common Access Card... with
similar results to other testers.

The certificate manager dialog will show my certs, and prompts for pin on
export, but then reports "Unknown error."

Connecting to a web site that requires a cert does not prompt for pin and
fails to authenticate.

chro...@googlecode.com

Mar 1, 2011, 1:51:46 AM
to chromi...@chromium.org

Comment #35 on issue 42073 by feni...@gmail.com: Chrome interaction with

Ubuntu 10.10 Chrome 11.0.686.0 dev
Tested with Aladdin eToken PRO Java 72K OS755

chro...@googlecode.com

Mar 18, 2011, 7:51:20 AM
to chromi...@chromium.org

Comment #39 on issue 42073 by a...@stanev.org: Chrome interaction with

11.0.696.12 (78147) Ubuntu 10.10 amd64
ACR38-U reader, Siemens smartcard
Also works.
First the user has to authorize to the sc with a PIN via prefs (as in comment 38),
which is not straightforward. When a site requests client auth, the
browser should present the user with the PIN dialogue.
However, it's a huge progress, congratulations!

chro...@googlecode.com

Mar 18, 2011, 9:15:46 AM
to chromi...@chromium.org

Comment #40 on issue 42073 by ak...@flygroup.st: Chrome interaction with

12.0.707.0 (78659) Ubuntu 10.10 i386
Aladdin eToken Pro
Working too.

chro...@googlecode.com

Mar 18, 2011, 10:24:13 AM
to chromi...@chromium.org

Comment #41 on issue 42073 by feni...@gmail.com: Chrome interaction with

Every time when you re-open browser, you need to go into the preferences to
enter a PIN. It's sad.

chro...@googlecode.com

May 11, 2011, 2:45:53 AM
to chromi...@chromium.org

Comment #48 on issue 42073 by hotbe...@gmail.com: Chrome interaction with

Thanks, but I'm not sure what to substitute as "my smart card" - needless
to say the card has numerous unique identifiers.

Meanwhile I discovered that opensc had not been installed yet by my Ubuntu
distro (unless the Belgian eID middleware had installed it and now I have
two copies) and only libopenct1 was installed (so I added openct as that
came up in one of the intermediary error messages)

chro...@googlecode.com

May 13, 2011, 12:56:18 PM
to chromi...@chromium.org

Comment #50 on issue 42073 by hotbe...@gmail.com: Chrome interaction with

However, once I installed opensc and openct, I discovered that the card
reader did not work the next time I booted the computer (and this issue is
confirmed in the readme that came with the middleware from the government)!

However, on closer inspection of the file that came with the middleware I
found


else if (navigator.platform.indexOf("Linux") >= 0)
p11Lib = "/usr/local/lib/libbeidpkcs11.so";

res = pkcs11.addmodule(p11Name, p11Lib, 0, 0);

I therefore tried this:

sudo modutil -dbdir sql:$HOME/.pki/nssdb -add "Belgium Identity Card PKCS#11" -libfile /usr/local/lib/libbeidpkcs11.so

and got

ERROR: Failed to add module "Belgium Identity Card PKCS#11". Probable cause : "security library: received bad data.".

chro...@googlecode.com

Jul 4, 2011, 1:27:43 PM
to chromi...@chromium.org

Comment #53 on issue 42073 by nicholas...@gmail.com: Chrome interaction

I just want to thank all of the devs and testers out there who are working
on this issue. This is a very important feature if Chromium/Chrome wants
penetration onto government desktops and devices. Keep up the good work.

chro...@googlecode.com

Jul 8, 2011, 7:49:46 AM
to chromi...@chromium.org

Comment #54 on issue 42073 by an...@lundin.pp.se: Chrome interaction with

Hi!

I'm running 14.0.803.0-r90 and when I have logged in to my pkcs11-tokens
with the certificate manager, and then point the browser to a site
requesting a client certificate, I get the "choose-certificate" dialog but
after that the browser just errors out with a "Error 2 (net::ERR_FAILED):
Unknown error."

This has worked before but stopped working a couple of weeks ago.

I'm running the google-chrome-unstable builds on Ubuntu 10.04 and 11.10
Alpha2 with the same behavior.

chro...@googlecode.com

Jul 8, 2011, 9:25:50 AM
to chromi...@chromium.org

Comment #55 on issue 42073 by nicholas...@gmail.com: Chrome interaction

Let me just also add that this smart card issue is not an issue with Chrome
under MS Windows 7. Smart cards, the readers, and the certificates are
handled by the OS, which is a new feature to W7. When I use Chrome (W7
versions) to access a smart card authenticated web site, as long as the
smart card is plugged in, the OS will ask for a PIN, using (what appears
to be) the same dialogue box as what is presented if I were using IE. As long
as the PIN is entered correctly and the website doesn't reject Chrome as a
browser, there are not any access restrictions.

It seems like under Linux, we have something similar with the OpenSC, PCSC
lite, and coolkey. It appears from above Chrome is using NSS (from
Mozilla). Maybe we should look into using OpenSC, PCSC, and Coolkey.
Maybe we already are I just don't know what I am talking about. Wish I
knew more (like how to code)... (BTW currently working on that)

chro...@googlecode.com

Mar 13, 2012, 4:17:52 PM
to chromi...@chromium.org

Comment #63 on issue 42073 by ma...@chromium.org: Chrome interaction with

pdobryakov: Probably issue 114134. See if it works on the dev channel.

chro...@googlecode.com

Mar 13, 2012, 4:38:06 PM
to chromi...@chromium.org

Comment #64 on issue 42073 by pdobrya...@gmail.com: Chrome interaction with

Yes, in 19 version all ok

chro...@googlecode.com

Jun 2, 2012, 10:41:22 AM
to chromi...@chromium.org

Comment #67 on issue 42073 by H0wdyD3...@gmail.com: Chrome interaction with
Hello,

I am desperate to get this working so I can finally ditch firefox, as I
have to use coolkey/cackey in firefox to access sites with CAC card.

cat pkcs11.txt
library=/usr/lib64/libcackey_g.so
name=CAC Reader (DoD Configuration Extension)


I still am not prompted on these sites for my cac card pin, as I would be
in firefox. What do I need to do?

chro...@googlecode.com

Aug 14, 2012, 5:44:08 AM
to chromi...@chromium.org

Comment #69 on issue 42073 by miroden...@gmail.com: Chrome interaction with
@H0wdyD3...@gmail.com


library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/xyz/.pki/nssdb' certPrefix='' keyPrefix=''
secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix=''
updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100
slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]
askpw=any timeout=30})

library=/usr/lib/pkcs11/libcoolkeypk11.so
name=CAC Reader

Then go to settings, manage certificates and VOILA, coolkey should ask you
for PIN!
For me it started working today, when I upgraded chrome to Version
21.0.1180.77.

chro...@googlecode.com

Aug 14, 2012, 5:47:08 AM
to chromi...@chromium.org

Comment #70 on issue 42073 by miroden...@gmail.com: Chrome interaction with
cat .pki/nssdb/pkcs11.txt

library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/xyz/.pki/nssdb' certPrefix='' keyPrefix=''
secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix=''
updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100
slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]
askpw=any timeout=30})

library=/usr/lib/pkcs11/libcoolkeypk11.so
name=CAC Reader

###########################

chro...@googlecode.com

Aug 14, 2012, 7:42:48 AM
to chromi...@chromium.org

Comment #71 on issue 42073 by l...@beubi.com: Chrome interaction with smart
I also confirm that it's now working on chrome 21.0.1180.77

I'm using Ubuntu Precise Pangolin and an official card reader and national
eID Portuguese card!

cat .pki/nssdb/pkcs11.txt

library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/xyz/.pki/nssdb' certPrefix='' keyPrefix=''
secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix=''
updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100
slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]
askpw=any timeout=30})

library=/usr/local/lib/libpteidpkcs11.so
name=CartaoDeCidadao

### Finally, I can start implementing an "all-smartcard-based" security
environment on my company! Hurray!!!!!
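
Added example, not part of any comment in this thread: each `library=` entry in pkcs11.txt names a shared object that NSS loads into the browser process, so it is worth checking where those entries point. The Python below parses the stanza form shown in comments #69 to #71, including the wrapped lines, and flags relative, missing, or group/world-writable libraries; the function names and the `@LIB@` placeholder are assumptions of this example.

```python
import os
import stat

# Top-level keys that appear in the pkcs11.txt listings in this thread. Any
# other non-blank line is treated as a wrapped continuation of the last value.
TOP_LEVEL_KEYS = ("library", "name", "parameters", "NSS")

# Constructed sample in the wrapped form used in the thread (flag list
# shortened); @LIB@ is a placeholder the caller replaces with a real path.
SAMPLE = """\
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/xyz/.pki/nssdb' certPrefix='' keyPrefix=''
secmod='secmod.db' flags=optimizeSpace
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100
slotParams=(1={slotFlags=[RSA,DSA] askpw=any timeout=30})

library=@LIB@
name=CAC Reader
"""

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def parse_pkcs11_txt(text):
    """Return one dict per module stanza; stanzas are separated by blank lines."""
    modules, current, last_key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                modules.append(current)
            current, last_key = {}, None
            continue
        key, sep, value = line.partition("=")
        if sep and key in TOP_LEVEL_KEYS:
            current[key] = value
            last_key = key
        elif last_key is not None:
            current[last_key] += " " + line  # re-join a wrapped value
    if current:
        modules.append(current)
    return modules


def audit_module(module):
    """Return findings for one stanza; an empty list means nothing was flagged."""
    name = module.get("name", "<unnamed>")
    library = module.get("library", "")
    if not library:
        return []  # NSS internal module: no external shared object is loaded
    if not os.path.isabs(library):
        return [f"{name}: library path {library!r} is not absolute"]
    try:
        lib_mode = os.stat(library).st_mode
        dir_mode = os.stat(os.path.dirname(library)).st_mode
    except OSError:
        return [f"{name}: library {library!r} does not exist or cannot be inspected"]
    findings = []
    if lib_mode & WRITABLE_BY_OTHERS:
        findings.append(f"{name}: {library} is writable by group or others")
    if dir_mode & WRITABLE_BY_OTHERS:
        findings.append(f"{name}: directory of {library} is writable by group or others")
    return findings


def audit_pkcs11_txt(text):
    """Parse a pkcs11.txt body and collect the findings for every module in it."""
    findings = []
    for module in parse_pkcs11_txt(text):
        findings.extend(audit_module(module))
    return findings


if __name__ == "__main__":
    # Audits the per-user database location used throughout this thread.
    path = os.path.expanduser("~/.pki/nssdb/pkcs11.txt")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as handle:
            for finding in audit_pkcs11_txt(handle.read()):
                print(finding)
```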

chro...@googlecode.com

Aug 14, 2012, 8:16:52 AM
to chromi...@chromium.org

Comment #72 on issue 42073 by jeff.t.b...@gmail.com: Chrome interaction
half works for me. can't get to web based email (military), but I can get
to other sites. seems to be related to which cert I use, the first one is
for authentication and works fine, the second for encryption (for webmail,
etc) but can't logon with that one as I can in FF.

chro...@googlecode.com

Aug 15, 2012, 7:24:31 AM
to chromi...@chromium.org

Comment #74 on issue 42073 by jeff.t.b...@gmail.com: Chrome interaction
@comment 73: yes, see issue : 142845, log files attached there.

chro...@googlecode.com

Aug 17, 2012, 3:03:44 PM
to chromi...@chromium.org

Comment #75 on issue 42073 by goo...@PaulSD.com: Chrome interaction with
This is not working for me in Chromium in Ubuntu 12.04 (18.0.1025.168
Developer Build 134367).

My card works properly in FF.

I ran this to add my card reader to the Chromium NSS DB:
modutil -dbdir sql:.pki/nssdb/ -add "Card Reader PKCS#11 Module" -libfile /usr/lib/opensc-pkcs11.so

$ modutil -dbdir sql:.pki/nssdb/ -list
2. Card Reader PKCS#11 Module
library name: /usr/lib/opensc-pkcs11.so
slots: 2 slots attached
status: loaded

slot: Virtual hotplug slot
token:

slot: SCM SCR 3340 ExpressCard54 [CCID Interface] (21221142204126) 00
token: PIV_II (PIV Card Holder pin)
$ certutil -d sql:.pki/nssdb/ -L -h all

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Enter Password or Pin for "PIV_II (PIV Card Holder pin)":
<redacted intermediate cert name> c,,
<redacted intermediate cert name> c,,
PIV_II (PIV Card Holder pin):Certificate for PIV Authentication u,u,u
PIV_II (PIV Card Holder pin):Certificate for Digital Signature u,u,u
$

So, it looks to me like NSS is configured properly.

In Chromium, Settings -> Under the Hood -> Manage Certificates...
I am not prompted for a PIN, and there are no certificates listed
under "Your Certificates".
I do see my intermediate certs listed under "Authorities", so I know it is
reading the correct NSS DB.
If I go to a website that requires a cert, it just fails.

chro...@googlecode.com

Aug 17, 2012, 4:12:24 PM
to chromi...@chromium.org

Comment #76 on issue 42073 by goo...@PaulSD.com: Chrome interaction with
If I use the following to add my card reader:
modutil -dbdir sql:.pki/nssdb/ -add "Card Reader PKCS#11 Module" -libfile /usr/lib/opensc-pkcs11.so -mechanisms FRIENDLY -force

Then go to a website requiring a cert with Chromium, it pops up a cert
selection dialog that lists my certificate. However, clicking OK does
nothing (the dialog doesn't go away). I have to click Cancel to get it to
close the dialog.

I also installed Chrome 21.0.1180.79, which seems to work perfectly fine.

Without '-mechanisms FRIENDLY', I have to go to Manage Certificates to get
the PIN prompt. With '-mechanisms FRIENDLY', it prompts me for my PIN
after I click OK on the cert selection dialog.

chro...@googlecode.com

Aug 17, 2012, 4:23:25 PM
to chromi...@chromium.org

Comment #77 on issue 42073 by goo...@PaulSD.com: Chrome interaction with
(Sorry for all the messages)

I guess Chromium that comes with Ubuntu 12.04 is just too old. I upgraded
to Chromium 20.0.1132.47 from Ubuntu Quantal, and it behaves the same as
Chrome. (YAY!)

chro...@googlecode.com

Nov 13, 2012, 2:41:40 AM
to chromi...@chromium.org

Comment #80 on issue 42073 by carlos.a...@gmail.com: Chrome interaction
When is it supposed to be fixed?

I think this solution is a "middle solution".

You always postpone this bug and it will never be fixed.

chro...@googlecode.com

Nov 13, 2012, 8:15:14 AM
to chromi...@chromium.org

Comment #81 on issue 42073 by mzimmerman: Chrome interaction with smart
As a user of Chrome/Chromium and smartcards, I thought this issue was
already fixed. It's working great for me. You may want to be specific as
to why you believe it's a "middle solution" so that it can be addressed
instead of just the developers just guessing what you mean.

chro...@googlecode.com

Nov 13, 2012, 2:20:51 PM
to chromi...@chromium.org

Comment #82 on issue 42073 by renepa...@gmail.com: Chrome interaction with
Totally agree with Carlos. No final solution for over two years (except in
Windows as mentioned in #81) and I am still forced to use Firefox for
Estonian national ID card.

chro...@googlecode.com

Nov 14, 2012, 12:36:59 AM
to chromi...@chromium.org

Comment #85 on issue 42073 by feni...@gmail.com: Chrome interaction with
There is no solution to automatically prompt pass phrase. After manual
entering in Settings, everything is working fine. I'm using Aladdin E-Token.

chro...@googlecode.com

Nov 15, 2012, 10:35:39 AM
to chromi...@chromium.org

Comment #86 on issue 42073 by carlos.a...@gmail.com: Chrome interaction
I mean that "Manual entering in Settings to be prompted" is a "middle
solution".

How can you say that this "solution" is fixed?

I am a Linux user (Ubuntu & Fedora). I know that in Windows it works fine, but
in Linux no.

Is it too difficult to prompt user pin in Linux?

chro...@googlecode.com

Nov 15, 2012, 10:45:30 AM
to chromi...@chromium.org

Comment #87 on issue 42073 by mzimmerman: Chrome interaction with smart
Fair enough for unfriendly cards, using the FRIENDLY nss configuration as
is noted in #76 the issue is solved.

chro...@googlecode.com

Nov 21, 2012, 2:18:54 AM
to chromi...@chromium.org

Comment #89 on issue 42073 by carlos.a...@gmail.com: Chrome interaction
Using the FRIENDLY nss configuration as is noted in #76 does 'nothing'.

Chromium 22. Ubuntu 12.10. Spanish National Card. Opensc modified to run
with Spanish National Card.

chro...@googlecode.com

Nov 21, 2012, 2:20:44 AM
to chromi...@chromium.org

Comment #90 on issue 42073 by carlos.a...@gmail.com: Chrome interaction

chro...@googlecode.com

Feb 11, 2013, 3:16:39 PM
to chromi...@chromium.org

Comment #91 on issue 42073 by Vsevolod...@gmail.com: Chrome interaction
Works for me only after login into the token in the Settings menu.
Using the Aladdin eToken Pro 64k. Had to change the
$HOME/.pki/nssdb/pkcs11.txt file from comment #38 because the token name
was not completely delivered to modutil/certutil by NSS. Replaced the
reference to opensc-pkcs11.so with libeToken.so:

library=/usr/lib/libeToken.so
name=OpenSC

---------
Ubuntu 12.04.2 LTS
3.2.0-37-generic #58-Ubuntu x86_64 x86_64 x86_64 GNU/Linux
pcscd, libpcsclite1: 1.8.6-3ubuntu1
openct: 0.6.20-1.2
opensc: 0.12.2-2ubuntu1
safenetauthenticationclient: 8.1.0-4
chromium-browser: 24.0.1312.56-0ubuntu0.12.04.1

chro...@googlecode.com

Mar 12, 2013, 12:21:44 PM
to chromi...@chromium.org

Comment #93 on issue 42073 by filipegi...@gmail.com: Chrome interaction
On Linux Mint Debian Edition 64 bits to use the Brazilian e-cpf I had to do:

modutil -dbdir sql:$HOME/.pki/nssdb -add "eToken" -libfile /usr/lib64/libeTPkcs11.so -mechanisms FRIENDLY -force

But I still have to open the "Manage certificates" to be able to use it.


chro...@googlecode.com

Mar 28, 2013, 6:46:55 PM
to chromi...@chromium.org
Updates:
Labels: Restrict-AddIssueComment-EditIssue Cr-Internals-Network-SSL

Comment #96 on issue 42073 by rsl...@chromium.org: Chrome interaction with
I'm going to mark this bug Restrict-AddIssueComment-EditIssue, because I
don't want this bug to become a meta-bug for a series of unrelated bugs
and/or possible regressions.

Please see the additional bugs from comment 27 (
https://code.google.com/p/chromium/issues/detail?id=42073#c27 ) or file a
new bug, and we'll be happy to assess further if it's the same bug.

chro...@googlecode.com

Nov 26, 2013, 9:48:55 PM
to chromi...@chromium.org