Auto-selection client certificate mechanism


Tim Falcon

Jan 29, 2023, 11:01:22 AM
to dev-pl...@mozilla.org
Hi,

I am interested in the auto-selection mechanism for client certificates, especially in the "ClientAuthRememberList.txt" file.

As far as I know, this file contains the user's automatic selections. The file is made up of lines, each consisting of three parts separated by ",".

The first and second parts are pretty self-explanatory: the server and the fingerprint of the certificate.

The third part is made up of several pieces that I do not understand, and I would be happy for an explanation.

What are ^firstPartyDomain, the two numbers after it, and the base64 chunk that I see?
I dug into the source code, but I didn't succeed in understanding what happens there.

I will be happy to get any assistance with that.

Thanks!

Tom Ritter

Jan 31, 2023, 12:54:40 PM
to Tim Falcon, dev-pl...@mozilla.org
The third part you are seeing is the output of
OriginAttributes::CreateSuffix:
https://searchfox.org/mozilla-central/rev/8e9b4484408154b80d7ede9e1b035819fda48fd2/caps/OriginAttributes.cpp#210

OriginAttributes is a complex partitioning key we use to separate
state between Private Browsing Mode, Containers, First Party
Isolation, State Partitioning, etc. So for client certs this key
would separate the automatic selection of client certificates so a
certificate selected for a domain in e.g. Container A would not be
auto-selected for the same domain in Container B.

-tom
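The suffix Tom describes, decoded in Python as an added example (this is not code from the thread or from mozilla-central). It assumes the field order the original question describes (server, fingerprint, suffix) and the attribute names CreateSuffix currently emits (userContextId, privateBrowsingId, firstPartyDomain, partitionKey, geckoViewSessionContextId); the sample lines are constructed. Since the file layout is not standardized, read this as an illustration of how the OriginAttributes key separates remembered selections, not as a stable tool.

```python
"""Added example: decode the OriginAttributes suffix that forms part of a
ClientAuthRememberList.txt entry and show why two entries for one host do not
collide across containers or private browsing.  Field order (server,
fingerprint, suffix) is taken from the original question and is an assumption;
the on-disk layout is unstandardized and may change."""
from urllib.parse import unquote

# Attribute names OriginAttributes::CreateSuffix can emit.  Assumption based on
# current mozilla-central; unknown keys are still parsed, just reported.
KNOWN_KEYS = {
    "userContextId",              # container id (0 = no container)
    "privateBrowsingId",          # 1 in Private Browsing Mode
    "firstPartyDomain",           # First Party Isolation key
    "partitionKey",               # State Partitioning key, e.g. (https,example.com)
    "geckoViewSessionContextId",  # GeckoView session id
}


def parse_origin_attributes_suffix(suffix):
    """Turn '^key=value&key=value' into a dict.  The empty string is the
    default (unpartitioned) OriginAttributes and maps to {}."""
    if suffix == "":
        return {}
    if not suffix.startswith("^"):
        raise ValueError("OriginAttributes suffix must start with '^': %r" % suffix)
    attrs = {}
    for pair in suffix[1:].split("&"):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError("malformed attribute pair: %r" % pair)
        # Values are percent-encoded, so '(' ',' ')' inside partitionKey survive
        # the comma-separated entry format.
        attrs[key] = unquote(value)
    return attrs


def unknown_attributes(attrs):
    """Keys this example does not know about (a hint that the format changed)."""
    return set(attrs) - KNOWN_KEYS


def parse_entry(line):
    """Split one remembered-selection line into (server, fingerprint, attrs).
    Assumed layout: server,fingerprint,suffix  (suffix may be empty)."""
    parts = line.split(",")
    if len(parts) != 3:
        raise ValueError("expected 3 comma-separated fields: %r" % line)
    server, fingerprint, suffix = parts
    return server, fingerprint, parse_origin_attributes_suffix(suffix)


def parse_file(text):
    """Parse every non-blank line of the constructed file contents."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def lookup(entries, server, attrs):
    """Return the remembered fingerprint for (server, attrs), or None.
    The whole OriginAttributes dict is part of the key, so a choice made in
    container A is not auto-selected for the same host in container B."""
    for entry_server, fingerprint, entry_attrs in entries:
        if entry_server == server and entry_attrs == attrs:
            return fingerprint
    return None


# Constructed sample data, not a real profile file.  Fingerprints are dummies.
SAMPLE = (
    "example.com,AA:BB:CC:DD,^userContextId=2\n"
    "example.com,11:22:33:44,\n"
    "login.example.net,55:66:77:88,^firstPartyDomain=example.net&privateBrowsingId=1\n"
    "shop.example.org,99:AA:BB:CC,^partitionKey=%28https%2Cexample.org%29\n"
)

if __name__ == "__main__":
    entries = parse_file(SAMPLE)
    for server, fp, attrs in entries:
        print(server, fp, attrs, unknown_attributes(attrs) or "")
    # Same host, different container: the remembered cert does not carry over.
    print(lookup(entries, "example.com", {"userContextId": "2"}))
    print(lookup(entries, "example.com", {"userContextId": "3"}))
```

When reading a real profile, run `unknown_attributes` over every parsed entry first; a non-empty result means the suffix now carries attributes this decoder was not written for, and the partitioning logic in `lookup` should not be trusted for that entry.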

Dana Keeler

Jan 31, 2023, 12:56:46 PM
to Tim Falcon, dev-pl...@mozilla.org
Note that the format of this file is not standardized and may change without notice.
