Open Bug 2000817 Opened 26 days ago Updated 5 days ago

Crash reporter crashes on SSLHandshakeException

Categories

(Firefox for Android :: Crash Reporting, defect)

All
Android
defect

People

(Reporter: jonalmeida, Unassigned)

Details

(Whiteboard: [fxdroid][group1])

Steps to reproduce

  1. Encounter an SSL trust validation error (this can happen because of expired certs, incorrect system clocks, or MITM attacks).
  2. Try to submit previous crash reports in the fullscreen crash reporter UI.

Expected behaviour

  • Don't crash.

Actual behaviour

  • The crash reporter crashes.

Device information

  • Firefox version: 146
  • Android device model: n/a
  • Android OS version: n/a

Any additional information?

  • This happened when trying to submit previous crash reports while debugging a separate bug.
  • Crash stack:
 E  failed to send report to Socorro
    javax.net.ssl.SSLHandshakeException: Chain validation failed
    	at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:358)
    	at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1131)
    	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1086)
    	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:873)
    	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:744)
    	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:709)
    	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:907)
    	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
    	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:242)
    	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:224)
    	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
    	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
    	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
    	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
    	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
    	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
    	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
    	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
    	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
    	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:131)
    	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
    	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:219)
    	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:30)
    	at mozilla.components.lib.crash.service.socorro.MozillaSocorroService.sendReport$lib_crash_debug(MozillaSocorroService.kt:131)
    	at mozilla.components.lib.crash.service.socorro.MozillaSocorroService.report(MozillaSocorroService.kt:104)
    	at mozilla.components.lib.crash.CrashReporter$submitReport$2.invokeSuspend(CrashReporter.kt:222)
    	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:34)
    	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:100)
    	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:124)
    	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:89)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:586)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:820)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:717)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:704)
    Caused by: java.security.cert.CertificateException: Chain validation failed
    	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:709)
    	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:542)
    	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:563)
    	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:608)
    	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:498)
    	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
 E  	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:346)
    	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:95)
    	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
    	at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:169)
    	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:286)
    	at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1635)
    	at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
    	at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:574)
    	at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1092)
    	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1076)
    	... 31 more
    Caused by: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
    	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
    	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:222)
    	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
    	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
    	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
    	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:705)
    	... 46 more
    Caused by: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
    	at sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:619)
    	at sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:709)
    	at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:363)
    	at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:337)
    	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
    	... 51 more
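
An added Kotlin example, not code from this bug or from Mozilla's lib-crash: one way an uploader can turn the handshake failure in the trace above into a result value, using the innermost `CertPathValidatorException` to report why the chain was rejected, while leaving certificate validation untouched. `UploadResult`, `deepestCertPathFailure` and `submitSafely` are hypothetical names, and the exception chain in `main` is constructed to mirror the trace.

```kotlin
import java.io.IOException
import java.security.cert.CertPathValidatorException
import java.security.cert.CertificateException
import javax.net.ssl.SSLHandshakeException

// Hypothetical result type for this example; not part of lib-crash.
sealed class UploadResult {
    data class Sent(val crashId: String) : UploadResult()
    // Trust validation failed: keep the report on disk, never retry with weaker checks.
    data class TlsRejected(val detail: String) : UploadResult()
    // Other I/O failure: the report can be retried later.
    data class NetworkError(val detail: String) : UploadResult()
}

// Walk the cause chain and return the innermost CertPathValidatorException, if any.
fun deepestCertPathFailure(t: Throwable): CertPathValidatorException? {
    var found: CertPathValidatorException? = null
    var cur: Throwable? = t
    val seen = HashSet<Throwable>() // guards against a cyclic cause chain
    while (cur != null && seen.add(cur)) {
        if (cur is CertPathValidatorException) found = cur
        cur = cur.cause
    }
    return found
}

// `upload` stands in for the real HTTPS POST and returns a crash id on success.
fun submitSafely(upload: () -> String): UploadResult = try {
    UploadResult.Sent(upload())
} catch (e: SSLHandshakeException) {
    // SSLHandshakeException is an IOException, so it must be caught first.
    val cpve = deepestCertPathFailure(e)
    val detail = cpve?.let { "${it.reason}: ${it.message}" } ?: (e.message ?: "handshake failed")
    UploadResult.TlsRejected(detail)
} catch (e: IOException) {
    UploadResult.NetworkError(e.message ?: e.javaClass.simpleName)
}

fun main() {
    // Constructed exception chain with the same messages as the trace above.
    val ocsp = CertPathValidatorException(
        "Response is unreliable: its validity interval is out-of-date")
    val chain = SSLHandshakeException("Chain validation failed").apply {
        initCause(CertificateException("Chain validation failed", ocsp))
    }
    println(submitSafely { throw chain })
}
```

A caller can show `TlsRejected.detail` in the crash reporter UI (for example, prompting the user to check the device clock) instead of letting the exception propagate.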

The severity field is not set for this bug.
:boek, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(jboek)
Severity: -- → S3
Flags: needinfo?(jboek)
Whiteboard: [fxdroid][group1]