asynchronously search for client certificates
Categories
(Core :: Security: PSM, enhancement, P3)
Tracking
()
People
(Reporter: liamre, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-blocked][psm-smartcard])
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
I am encountering a really strange bug in Firefox Nightly 88.0a1. With the preference security.osclientcerts.autoload set to true, as is default in Nightly, visiting the page https://www.internalfb.com/login/?next=https%3A%2F%2Fwww.internalfb.com%2Fintern%2Ffburl%2Fredirect%2F%3Fs%3Ddebugjs causes FF to freeze instantly.
Actual results:
Browser hangs instantly upon navigation. Setting the osclientcerts pref to false results in the browser no longer freezing.
Expected results:
Browser not freezing
|
Reporter | |
Comment 1•4 years ago
|
||
I confirmed with mozregression that this occurs on every build since the introduction of the preference in this changeset.
|
||
Comment 2•4 years ago
|
||
Can you use Process Hacker [0] to see what Firefox is doing when it hangs? When you run Process Hacker, you should see Firefox in the list of running programs. If you double-click on the Firefox process that is hanging, you should see a window with a "Threads" tab. On that tab, if you select the thread that's hanging and double-click it, another window should open up with a stack trace. Thanks!
|
|
Reporter | |
Comment 3•4 years ago
|
||
I downloaded the latest debug build and obtained these two traces. As I clicked on the top thread in Process Hacker every couple of seconds, it seemed to mainly switch between these two stacks.
Hope this is helpful.
7684, 16.85, 4,685,576,616, osclientcerts.dll!C_GetFunctionList+0x6d110, Normal
0, crypt32.dll!CertGetCRLContextProperty+0x10c
1, crypt32.dll!CertCloseStore+0x3a51
2, crypt32.dll!CertCloseStore+0x3529
3, crypt32.dll!CertCloseStore+0x342b
4, crypt32.dll!CertCloseStore+0x3044
5, crypt32.dll!CryptHashCertificate2+0x1725
6, crypt32.dll!CryptHashCertificate2+0xbda
7, crypt32.dll!I_CryptFindLruEntry+0x2e6
8, crypt32.dll!I_CertWnfEnableFlushCache+0x4761
9, crypt32.dll!I_CertWnfEnableFlushCache+0x4b99
10, crypt32.dll!I_CryptReadTrustedPublisherDWORDValueFromRegistry+0x48a
11, crypt32.dll!CertDuplicateCertificateContext+0x1ff1
12, crypt32.dll!CertGetCertificateChain+0xf8
13, crypt32.dll!CertUnregisterSystemStore+0x4a4
14, crypt32.dll!CertFindChainInStore+0xa7
15, osclientcerts.dll!Ordinal0+0x14383
16, osclientcerts.dll!Ordinal0+0xee99
17, osclientcerts.dll!Ordinal0+0x1066
18, osclientcerts.dll!Ordinal0+0x26c9
19, osclientcerts.dll!C_GetFunctionList+0x6d163
20, kernel32.dll!BaseThreadInitThunk+0x14
21, ntdll.dll!RtlUserThreadStart+0x21
7684, 17.23, 4,843,708,596, osclientcerts.dll!C_GetFunctionList+0x6d110, Normal
0, ntdll.dll!ZwWaitForAlertByThreadId+0x14
1, ntdll.dll!RtlWaitOnAddress+0x44d
2, ntdll.dll!RtlWaitOnAddress+0x302
3, ntdll.dll!RtlWaitOnAddress+0x13
4, KernelBase.dll!WaitOnAddress+0x2f
5, osclientcerts.dll!C_GetFunctionList+0x368b8
6, osclientcerts.dll!C_GetFunctionList+0x56855
7, osclientcerts.dll!Ordinal0+0xce77
8, osclientcerts.dll!Ordinal0+0x1066
9, osclientcerts.dll!Ordinal0+0x26c9
10, osclientcerts.dll!C_GetFunctionList+0x6d163
11, kernel32.dll!BaseThreadInitThunk+0x14
12, ntdll.dll!RtlUserThreadStart+0x21
|
|
Reporter | |
Comment 4•4 years ago
|
||
Is there any other info I can provide to help?
|
|
||
Comment 5•4 years ago
|
||
Are there any other stacks with osclientcerts.dll in them?
|
|
||
Updated•4 years ago
|
|
|
Reporter | |
Comment 7•4 years ago
|
||
No, just the top stack as far as I can see.
|
|
Reporter | |
Comment 8•4 years ago
|
||
Mostly unhelpful image that I messed up adding to comment 7
|
|
||
Comment 9•4 years ago
|
||
How does this build behave? https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/TlH2Gu--RfOvnTduNDXAmw/runs/0/artifacts/public/build/install/sea/target.installer.exe
|
|
Reporter | |
Comment 10•4 years ago
|
||
I can still reproduce the issue on that build.
|
|
Reporter | |
Comment 11•4 years ago
|
||
I'm not sure if I have a specific certificate or certificates in my certificate store that is causing issues. I have some certificates generated by Fiddler in my cert store since I intercept my own traffic sometimes, but I don't see how that could cause this issue. I'm willing to share copies of/data about my certificates if that would be helpful.
|
|
||
Comment 12•4 years ago
|
||
From the stack traces you posted, it seemed like the issue was that Windows was checking revocation over the network when osclientcerts was trying to find potential client certificates. The build I posted should have avoided that, so if I did that correctly, it means the issue is something else. Do you have a number of certificates that all have the same subject and issuer?
If you're familiar at all with windbg, you could run Firefox, go to the page that causes this, attach windbg, and get a stack trace of all of the stacks at that point. That might give me more information.
|
|
Reporter | |
Comment 13•4 years ago
|
||
Using windbg preview, I paused execution with the break button about 5 seconds into a hang.
|
|
||
Comment 14•4 years ago
|
||
Are any other threads in osclientcerts? Also, would it be possible to attach these traces as text rather than screenshots?
Also, those symbols don't make a lot of sense. Maybe try with this build: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Uymf76yEQ2iOrcY3o-DVoA/runs/0/artifacts/public/build/install/sea/target.installer.exe (it's a debug build, so it'll be slower)
|
|
Reporter | |
Comment 15•4 years ago
|
||
Using windbg preview's "time travel" feature, I recorded execution of the debug build and then traveled back and forth.
This stack is from 17% through execution (I think the hang began around this time) .
00 00000073`2c77e790 00007ffd`a1f5fea7 ntdll!RtlLeaveCriticalSection+0x2a
01 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0xa7
02 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
03 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
04 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
05 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
06 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
07 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
08 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
09 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0a 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0b 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0c 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0d 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
0e 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
0f 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
10 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
11 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
12 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
This is from 20%.
00 00000073`2c77e790 00007ffd`a1f5ff27 ntdll!RtlEnterCriticalSection+0xd
01 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0x127
02 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
03 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
04 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
05 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
06 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
07 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
08 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
09 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0a 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0b 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0c 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0d 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
0e 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
0f 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
10 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
11 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
12 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
30%
00 00000073`2c77e500 00007ffd`a1f60bce ntdll!RtlLeaveCriticalSection+0x2a
01 00000073`2c77e530 00007ffd`a1f603f1 CRYPT32!GetProperty+0x1ce
02 00000073`2c77e710 00007ffd`a1f5fec9 CRYPT32!CompareCertElement+0xf1
03 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0xc9
04 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
05 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
06 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
07 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
08 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
09 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
0a 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
0b 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0c 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0d 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0e 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0f 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
10 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
11 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
12 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
13 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
14 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
40%
00 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0xfe
01 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
02 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
03 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
04 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
05 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
06 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
07 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
08 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
09 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0a 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0b 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0c 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
0d 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
0e 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
0f 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
10 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
11 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
50%
00 00000073`2c77e790 00007ffd`a1f5fea7 ntdll!RtlLeaveCriticalSection+0x2a
01 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0xa7
02 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
03 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
04 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
05 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
06 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
07 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
08 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
09 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0a 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0b 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0c 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0d 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
0e 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
0f 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
10 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
11 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
12 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
60%
00 00000073`2c77e500 00007ffd`a1f60abd ntdll!RtlEnterCriticalSection+0xd
01 00000073`2c77e530 00007ffd`a1f603f1 CRYPT32!GetProperty+0xbd
02 00000073`2c77e710 00007ffd`a1f5fec9 CRYPT32!CompareCertElement+0xf1
03 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0xc9
04 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
05 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
06 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
07 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
08 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
09 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
0a 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
0b 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0c 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0d 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0e 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0f 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
10 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
11 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
12 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
13 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
14 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
70%
00 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0x8a
01 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
02 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
03 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
04 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
05 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
06 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
07 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
08 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
09 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0a 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0b 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0c 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
0d 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
0e 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
0f 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
10 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
11 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
80%
00 00000073`2c77e500 00007ffd`a1f60bce ntdll!RtlLeaveCriticalSection+0x2a
01 00000073`2c77e530 00007ffd`a1f603f1 CRYPT32!GetProperty+0x1ce
02 00000073`2c77e710 00007ffd`a1f5fec9 CRYPT32!CompareCertElement+0xf1
03 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0xc9
04 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
05 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
06 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
07 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
08 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
09 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
0a 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
0b 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0c 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0d 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0e 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0f 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
10 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
11 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
12 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
13 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
14 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
90%
00 00000073`2c77e790 00007ffd`a1f5ff27 ntdll!RtlEnterCriticalSection+0xd
01 00000073`2c77e7c0 00007ffd`a1f5fdcb CRYPT32!FindElementInCacheStore+0x127
02 00000073`2c77e810 00007ffd`a1f5f9e4 CRYPT32!FindElementInStore+0x17
03 00000073`2c77e850 00007ffd`a1f5c795 CRYPT32!FindElementInCollectionStore+0x124
04 00000073`2c77e8b0 00007ffd`a1f5bc4a CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+0x141
05 00000073`2c77ea40 00007ffd`a1f5a386 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+0x82
06 00000073`2c77eaa0 00007ffd`a1f949c1 CRYPT32!CChainPathObject::FindAndAddIssuers+0xe6
07 00000073`2c77eb00 00007ffd`a1f94df9 CRYPT32!CChainPathObject::CChainPathObject+0x6a9
08 00000073`2c77ec00 00007ffd`a1f7028a CRYPT32!ChainCreatePathObject+0xb9
09 00000073`2c77ec70 00007ffd`a1f54b81 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0x242
0a 00000073`2c77edf0 00007ffd`a1f54d78 CRYPT32!CCertChainEngine::GetChainContext+0x91
0b 00000073`2c77ee80 00007ffd`64274456 CRYPT32!CertGetCertificateChain+0xf8
0c 00000073`2c77ef20 00007ffd`6426f6c4 osclientcerts!Ordinal0+0x14456
0d 00000073`2c77f400 00007ffd`64261066 osclientcerts!Ordinal0+0xf6c4
0e 00000073`2c77f940 00007ffd`642626c9 osclientcerts!Ordinal0+0x1066
0f 00000073`2c77f9a0 00007ffd`642ec1ea osclientcerts!Ordinal0+0x26c9
10 00000073`2c77fa00 00007ffd`a2967034 osclientcerts!C_GetFunctionList+0x697ca
11 00000073`2c77fa60 00007ffd`a4142651 KERNEL32!BaseThreadInitThunk+0x14
12 00000073`2c77fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x21
I don't think these are helpful because most of these stacks are basically the same and don't show the cause of the problem.
|
|
||
Comment 16•4 years ago
|
||
It would still be helpful to know the answer to this:
Do you have a number of certificates that all have the same subject and issuer?
Also, rather than capturing the same stack at different points in time, can you please capture all stacks at one point in time? (you can upload a text file as an attachment rather than pasting all of that into a comment)
|
|
Reporter | |
Comment 17•4 years ago
|
||
I can't seem to reproduce this anymore.
|
|
Reporter | |
Comment 18•4 years ago
|
||
Disregard last comment, I can still reproduce.
I think Fiddler is certainly to blame, as there are over 4000 certificates in my local certificate store generated by Fiddler to intercept HTTPS traffic.
|
|
Reporter | |
Comment 19•4 years ago
|
||
Here is a gist containing all stack traces at one point in time.
https://gist.github.com/llacb47/0b52e41f251a39cc0cd500e05d73db08
|
|
Reporter | |
Updated•4 years ago
|
|
|
||
Comment 20•4 years ago
|
||
How does Chrome behave here?
In any case, it looks like you can remove all of those certificates by opening Fiddler and navigating through the menus Tools -> Options -> HTTPS -> Actions -> Remove Interception Certificates
|
|
||
Updated•4 years ago
|
|
|
Reporter | |
Comment 21•4 years ago
|
||
Chrome behaves fine.
I'm really sorry about not replying for so long. I know it's unprofessional and I can understand if you don't feel like putting any more time into this bug, especially since the osclientscerts pref has been enabled in release.
|
|
||
Updated•4 years ago
|
Description
•