On 09/28/2013 03:51 AM, From Robert Relyea:
Ryan is correct. What FF does not do is reload the page when the smart
card is removed. The most common use of smart card events is forcing the
reloading the page.
Correct - and the current session on the application level can be
invalidated. Something like this:
window.crypto.enableSmartCardEvents=true;
document.addEventListener("smartcard-insert",function () {
doLogin();
},false);
document.addEventListener("smartcard-remove",function () {
doLogout();
},false);
}
You can do all kind of interesting things then...
NOTE: there is still an issue that Firefox doesn't provide a way for the
web page to flush it's own cache. If you've made a connection without a
cert, there's no way to say try again with the cert. This doesn't affect
removal, but it does affect insertion.
That's a different issue, but it would be an interesting improvement if
the handshake failed, keep prompting for a (different) certificate
without having to restart the browser.
Actually FF does a full handshake, what kind of error you get depends
on what bits the server said. If you pass request not require, then
the handshake completes with the server getting no cert for the
connection.
Right, but I don't like this really.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
