[tor-bugs] #2167 [EFF-HTTPS Everywhere]: Block during extension updating process
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Feb 16 19:31:41 UTC 2011
#2167: Block during extension updating process
-------------------------------------+--------------------------------------
Reporter: zep | Owner: pde
Type: defect | Status: new
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: Block updating process | Parent:
Points: | Actualpointsdone:
Pointsdone: | Actualpoints:
-------------------------------------+--------------------------------------
Comment(by doegox):
Hi,
I've also what I believe to be the same issue, but maybe I'm wrong and it
deserves a separate ticket.
Let me explain:
Symptom: Firefox was freezing with 100% CPU every now & then since a few
days.
It was apparently happening every time https-everywhere extension was
looking for update.
I isolated the problem as following:
* Create a new profile
* Go to http://www.eff.org/https-everywhere
* Install extension & restart ff
* Go to http://www.eff.org/https-everywhere
=> it now redirects to https
=> connection untrusted (??? see below)
=> ok let's accept it
* Tools -> Add-ons -> Find Updates
=> Freeze & 100% CPU load
If now I remove the file cert_override.txt & restart ff
it doesn't freeze anymore on add-ons/findupdate
Here is a dump of the saved certificate:
$ openssl x509 -in *.eff.org -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:d3:60:cb:cf:2b:f8:07:e3:d1:89:46:04:3e:b0:78
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA
Limited, CN=COMODO High Assurance Secure Server CA
Validity
Not Before: Dec 3 00:00:00 2009 GMT
Not After : Jan 13 23:59:59 2015 GMT
Subject: C=US/postalCode=94110, ST=California, L=San
Francisco/street=454 Shotwell St, O=Electronic Frontier Foundation,
OU=Comodo PremiumSSL Wildcard, CN=*.eff.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d7:13:ba:ad:b4:50:12:5a:35:cc:33:15:16:2f:
94:9a:45:9e:ef:7a:dd:a8:17:33:8b:1e:4a:7f:77:
61:0d:fd:9e:fd:c9:85:b8:32:ba:e2:ad:6a:e6:7e:
3b:2d:62:9e:45:a8:3e:2e:89:8b:27:30:6e:32:4f:
00:76:4a:fb:1d:65:d1:5e:41:19:fb:29:24:fc:a0:
1e:54:96:87:59:cd:89:38:a2:54:ae:8b:39:c5:b5:
3b:4d:b3:d7:73:41:5b:9d:5d:c5:68:23:74:fd:e4:
de:78:fb:3e:7a:27:5c:98:67:1b:5b:47:0e:12:fb:
ae:89:7f:db:2d:cc:39:83:c9:2f:41:74:1d:83:84:
3f:5a:93:2f:b5:bf:e6:94:06:22:11:df:77:de:60:
02:0f:9d:0d:13:ec:ea:0e:ab:39:75:ac:2b:97:de:
04:f0:8d:fd:22:a7:53:9a:de:77:2d:6f:d3:73:7b:
4c:01:9a:d4:ef:89:a0:10:3a:6d:c8:33:43:51:b0:
83:68:3f:26:48:d5:22:a2:a0:49:bb:7a:36:fe:16:
54:67:08:a5:66:ef:5d:c3:7c:07:e1:d5:c5:6e:ee:
de:96:f9:d8:69:fd:c7:3d:ed:d6:6c:77:42:09:3c:
3d:12:5c:c3:83:47:d3:e2:db:fd:94:77:f3:c3:9d:
97:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:60:59:CD:80:C7:C5:E3:AB:8C:2F:FC:6B:E5:5B:0A:F5:0F:DE:4B:FF
X509v3 Subject Key Identifier:
95:C9:DC:8B:0C:C0:4A:DD:56:D5:66:F5:2A:F0:C0:68:9E:62:4F:A6
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, Microsoft Server Gated Crypto, Netscape Server Gated
Crypto
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
CPS: https://secure.comodo.net/CPS
X509v3 CRL Distribution Points:
URI:http://crl.comodoca.com/ComodoHighAssuranceSecureServerCA.crl
Authority Information Access:
CA Issuers -
URI:http://crt.comodoca.com/ComodoHighAssuranceSecureServerCA.crt
OCSP - URI:http://ocsp.comodoca.com
X509v3 Subject Alternative Name:
DNS:*.eff.org, DNS:eff.org
Signature Algorithm: sha1WithRSAEncryption
81:c1:46:be:33:a8:09:a3:bd:d3:16:d5:93:30:c0:42:48:c9:
1c:f9:cd:a7:47:f8:eb:10:6d:d3:4d:0f:f8:01:43:f2:92:d0:
f2:90:2a:7f:85:df:53:90:63:fd:dd:48:1f:78:b0:df:0e:00:
38:3a:00:a3:ca:50:76:e3:df:2c:49:14:d2:3d:2b:af:97:3a:
01:1e:5b:09:12:96:2f:73:fc:b1:d4:4d:54:84:7a:be:c3:06:
94:c3:b7:93:3c:d7:0e:4a:81:b4:3e:cc:67:bf:9e:90:91:9c:
02:83:e2:67:e2:4d:3b:a4:e3:fb:6c:66:91:74:66:5e:ef:40:
57:6a:7c:64:7f:45:6b:78:7f:8a:bb:33:be:fc:cb:38:f8:9d:
9d:dc:04:68:85:57:1b:37:8f:36:a9:3f:d6:09:3b:20:49:3b:
b5:40:31:d3:88:4b:54:58:5d:1c:66:38:f3:4a:4d:59:94:d5:
35:e9:d9:3b:01:9c:e8:12:f2:ab:2f:b3:bd:28:23:8d:db:57:
22:16:78:01:79:4f:48:0e:6b:31:78:1b:40:68:c8:7b:42:49:
72:24:ca:8c:1a:94:67:f1:e1:79:05:75:54:4d:c4:3a:13:9c:
70:ca:d4:5b:0c:21:6f:f0:e3:2a:17:d9:b6:b1:69:c5:35:2b:
4e:ed:5e:0a
What is strange is that if we display the cert in FF
-> details -> Certificate Hierarchy
-> very long chain:
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* UTN - DATACorp SGC
* AddTrust External CA Root
* COMODO Certification Authority
* COMODO High Assurance Secure Server CA
* *.eff.org
My Firefox version: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
rv:1.9.2.15pre) Gecko/20110216 Namoroka/3.6.15pre
My HTTPS-Everywhere version: 0.9.4
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2167#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list