Closed
Bug 140247
Opened 22 years ago
Closed 18 years ago
OCSP: Mozilla freezes when trying to view digitally signed message.
Categories
(MailNews Core :: Security: S/MIME, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: tjibbe, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: hang, Whiteboard: OCSP [kerh-bra])
When trying to view a digitally signed message on usenet with mailnews, Mozilla freezes. I have Mozilla set to use OCSP to validate only messages that specify an OCSP service URL.

Steps to reproduce:
1. In Preferences, go to Privacy & Security - Validation and set: Use OCSP to validate only messages that specify an OCSP service URL.
2. Go to news:netscape.public.mozilla.builds
3. Try to view a digitally signed message, a TRUNK tree status message for instance.

Result: Mozilla now totally freezes up until it has contacted the OCSP server (certificates.netscape.com:80 in this case). It is not even possible to go to another Mozilla window. After contacting the server, Mozilla returns to normal operation.

Expected result: Mozilla should contact the OCSP service in the background, without freezing up entirely.

Workaround: Do not use OCSP for certificate validation. (This way you cannot see if a certificate has been revoked!)
Comment 1•22 years ago
See also bug 136459 and bug 136469. OCSP should probably be disabled for beta and release noted until we can fix these bugs. Activating OCSP at the moment causes breakage in the mail client.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Comment 2•22 years ago
I will reconfirm on Win98. Win2k and XP have some bugs related to OCSP, but the client is not freezing. Using the intranet server, all signed messages are showing up with invalid signatures. What is even cooler is the fact that although you cannot set your preferences to sign newsgroups, you can go through your mail account and change the type column to 'newsgroup' and then sign the message!

Other bugs to look at (might be the intranet server does not have OCSP URL configured properly):
- invalid signature: reason - CA is not trusted (? - the root CA is, as is the intermediary)
- View cert indicates that the cert has been verified for the following uses, and then contains a null list of uses. There is a separate bug for this already (I think under the client lib component)
Comment 3•22 years ago
Is it possible that we only freeze, if the OCSP server is temporarily not responding? Another question: What happens if the user is not allowed to connect to the OCSP server site, like a blocking firewall?
Comment 4•22 years ago
Only affects the user when OCSP is turned on.
Priority: P1 → P2
Summary: Mozilla freezes when trying to view digitally signed message. → OCSP: Mozilla freezes when trying to view digitally signed message.
Whiteboard: OCSP
Target Milestone: --- → Future
Updated•22 years ago
Comment 5•22 years ago
Kai,

The code that talks to the OCSP server uses PR_Connect with a timeout of 30s. So it should eventually return if the server is down. However, it then uses PR_Write to send the OCSP request, which will block forever if the server isn't reading the data after accepting the connection, or the network becomes unavailable in the middle of the request. This may be what the original reporter of this defect was seeing.

The part that reads the OCSP response now uses PR_Recv instead of PR_Send, with a 30s timeout.
Comment 7•20 years ago
Mass change "Future" target milestone to "--" on bugs that now are assigned to nobody. Those targets reflected the prioritization of past PSM management. Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
Updated•19 years ago
Whiteboard: OCSP → OCSP [kerh-bra]
Comment 8•18 years ago
I believe this should be fixed now, with the work in bug 111384. I'm closing this as fixed. Please reopen if you still have this problem.