This bug was discovered when the developers tested their software, and the cockpit software accidentally used self-signed server certificates that were marked as being CA certificates. After having stored 7 or 8 overrides with different certificates for the same subject name, mozilla::pkix is apparently trying to build a painful amount of chains, which gives the impression that firefox is completely stuck. I've setup a test case. Please use a fresh profile, and then connect to each of the following 8 sites, and add a permanent override for each of them. Future attempts to connect to the sites will demonstrate that firefox is busy with 100% cpu for a long time. https://kuix.de:9471 https://kuix.de:9472 https://kuix.de:9473 https://kuix.de:9474 https://kuix.de:9475 https://kuix.de:9476 https://kuix.de:9477 https://kuix.de:9478 You may find additional information and advice from Bob Relyea in https://bugzilla.redhat.com/show_bug.cgi?id=1204670
Summary: mozilla::pkix attempts to build chains of selfsigned roots → mozilla::pkix attempts to build chains of selfsigned roots, and appears stuck
Thanks for setting those up, Kai. We have an earlier bug where we discuss this issue, so I'm going to mark this as a duplicate of that.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1056341
You need to log in before you can comment on or make changes to this bug.