mozilla::pkix attempts to build chains of selfsigned roots, and appears stuck

RESOLVED DUPLICATE of bug 1056341

Status

()

defect
RESOLVED DUPLICATE of bug 1056341
4 years ago
4 years ago

People

(Reporter: kaie, Unassigned)

Tracking

36 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Reporter

Description

4 years ago
This bug was discovered when the developers tested their software, and the cockpit software accidentally used self-signed server certificates that were marked as being CA certificates.

After having stored 7 or 8 overrides with different certificates for the same subject name, mozilla::pkix is apparently trying to build a painful amount of chains, which gives the impression that firefox is completely stuck.

I've setup a test case.

Please use a fresh profile, and then connect to each of the following 8 sites, and add a permanent override for each of them.

Future attempts to connect to the sites will demonstrate that firefox is busy with 100% cpu for a long time.

https://kuix.de:9471
https://kuix.de:9472
https://kuix.de:9473
https://kuix.de:9474
https://kuix.de:9475
https://kuix.de:9476
https://kuix.de:9477
https://kuix.de:9478

You may find additional information and advice from Bob Relyea in 
https://bugzilla.redhat.com/show_bug.cgi?id=1204670
Reporter

Updated

4 years ago
Summary: mozilla::pkix attempts to build chains of selfsigned roots → mozilla::pkix attempts to build chains of selfsigned roots, and appears stuck
Thanks for setting those up, Kai. We have an earlier bug where we discuss this issue, so I'm going to mark this as a duplicate of that.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1056341
You need to log in before you can comment on or make changes to this bug.