#5396 closed defect (invalid)
Joining Multiplayer Lobby calls Military DOD CAC SmartCard Certificates
| Reported by: | Porpoiseless | Owned by: | |
|---|---|---|---|
| Priority: | Should Have | Milestone: | |
| Component: | Multiplayer lobby | Keywords: | |
| Cc: | Patch: |
Description
Clicking Multiplayer - Game Lobby, particularly signing into my multiplayer account, 0 A.D. minimizes and asks for me to insert my Military DOD Common Access Card (CAC) into a smart card reader. I have certificates for the smart card reader installed so that I can access my government email and applications. 0 A.D. call this demand to insert the CAC when they call for multiplayer login. 0 A.D. asks for the CAC twice, and after cancelling the requests, 0 A.D. functions fine, allowing me into the lobby.
Change History (3)
comment:1 by , 5 years ago
| Keywords: | multiplayer login lobby removed |
|---|---|
| Milestone: | → Backlog |
comment:2 by , 5 years ago
| Milestone: | Backlog |
|---|---|
| Resolution: | → invalid |
| Status: | new → closed |
The only certificate that 0AD uses is the one from our server that is signed using the root CA of Let's Encrypt (that again was signed by I forgot who).
This / these root certificates should be available already, and given that you can connect even without passing your other certificates confirms that.
So I conclude the same, that the application just asks for the smartcard because it wants to know about all certificates before a certificate is verified.
Perhaps gloox or your system can be configured to avoid that. But we don't have anyone to reproduce that, and gloox (https://camaya.net/gloox/) TLS support is a bit broken and barely maintained #4705. In case someone looks into gloox, it would be necessary to know which operating system you use (Windows 10 I guess).
comment:3 by , 2 years ago
Hi
I have exactly the same issue. But I have a different smartcard.
I see that the ticket says it's not possible to reproduce it. In my case, the issue occurs always, even if the smartcard is not present. I assume that it might be possible to reproduce it just by installing the smartcard software that can be downloaded from here (first link): https://www.sede.fnmt.gob.es/en/descargas/descarga-software
Unfortunately, I don't have any spare computer to test if it's reproducible in that way. Perhaps it might also be needed to have a smartcard reader.
Regards
That sounds like a very environment-dependent bug. My guess is that gloox (the library we use for the multiplayer client) is going through all the SSL certificates that are on your machine, and the OS tells it there are some of them on your card. Clicking cancel just makes gloox ignore those certs, which is fine because they are unneeded for 0 A.D.
It sounds like the fix would be to tell the OS not to ask for CAC certificates when 0 A.D. is asking. But I'm not familiar with the technology at all. Could you look into it, with the help of your IT point of contact in the military?
I don't believe we can do anything on our end, but I'm leaving the ticket open, waiting for your input :)