Closed
Bug 1226203
Opened 9 years ago
Closed 9 years ago
SSL connection hangs indefinitely when CN of the certificate contains only a simple hostname without domain
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1056341
People
(Reporter: claudiu.cismaru, Unassigned)
Details
Attachments
(1 file)
1.47 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Build ID: 2015103000 Steps to reproduce: Point Firefox to a SSL site which has a CN with only the hostname without domain (for instance, CN contains only "site1") The platform is Linux. Actual results: The tab remain in "Connecting...". High CPU is observed. Expected results: The website to open eventually with a Untrusted connection page.
Reporter | ||
Comment 1•9 years ago
|
||
If you need more information, please ask.
Reporter | ||
Comment 2•9 years ago
|
||
Want to mention, also, that the certificate is self signed.
Updated•9 years ago
|
Component: Untriaged → Security
Product: Firefox → Core
Please attach the certificate that is failing. Incidentally, are there many certificates with the same subject distinguished name in your certificate database?
Flags: needinfo?(claudiu.cismaru)
Reporter | ||
Comment 4•9 years ago
|
||
David, You have a good point in here. I'm working with new installed devices in the labs. These devices uses the same certificate DN at install time. So, yes, the database contains many certificates with the same DN, which I trusted on the browser.
Flags: needinfo?(claudiu.cismaru)
Reporter | ||
Comment 5•9 years ago
|
||
Thanks for the certificate. Based on comment 4, this is the same as bug 1056341. See in particular b 1056341 c 16 and b 1056341 c 24. Basically, based on the certificate verification architecture, this is a pessimal case. You should be able to make the symptoms less painful by periodically clearing the certificates in your database or using a new profile.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
(In reply to David Keeler [:keeler] (use needinfo?) from comment #6) > Thanks for the certificate. Based on comment 4, this is the same as bug > 1056341. See in particular b 1056341 c 16 and b 1056341 c 24. Hmmm. That syntax doesn't appear to work. That should be bug 1056341 comment 16 and bug 1056341 comment 24.
You need to log in
before you can comment on or make changes to this bug.
Description
•