Closed Bug 1147544 Opened 6 years ago Closed 6 years ago

mozilla::pkix attempts to build chains of selfsigned roots, and appears stuck

Categories

(Core :: Security: PSM, defect)

36 Branch
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1056341

People

(Reporter: KaiE, Unassigned)

Details

This bug was discovered when the developers tested their software, and the cockpit software accidentally used self-signed server certificates that were marked as being CA certificates.

After having stored 7 or 8 overrides with different certificates for the same subject name, mozilla::pkix is apparently trying to build a painful amount of chains, which gives the impression that firefox is completely stuck.

I've setup a test case.

Please use a fresh profile, and then connect to each of the following 8 sites, and add a permanent override for each of them.

Future attempts to connect to the sites will demonstrate that firefox is busy with 100% cpu for a long time.

https://kuix.de:9471
https://kuix.de:9472
https://kuix.de:9473
https://kuix.de:9474
https://kuix.de:9475
https://kuix.de:9476
https://kuix.de:9477
https://kuix.de:9478

You may find additional information and advice from Bob Relyea in 
https://bugzilla.redhat.com/show_bug.cgi?id=1204670
Summary: mozilla::pkix attempts to build chains of selfsigned roots → mozilla::pkix attempts to build chains of selfsigned roots, and appears stuck
Thanks for setting those up, Kai. We have an earlier bug where we discuss this issue, so I'm going to mark this as a duplicate of that.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1056341
You need to log in before you can comment on or make changes to this bug.