Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#45289 - [firefox] "Segmentation fault" after adding CA-Cert.
Attached to Project:
Arch Linux
Opened by everytrash (everytrash) - Wednesday, 10 June 2015, 16:19 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 03 July 2015, 00:28 GMT
Opened by everytrash (everytrash) - Wednesday, 10 June 2015, 16:19 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 03 July 2015, 00:28 GMT
|
DetailsDescription:
============ I have created my own "CA-Root" certificate. I do the following to add it to my system: - sudo cp CA-root.pem /usr/share/ca-certificates/trust-source/anchors/BLA.crt - sudo update-ca-trust The certificate is now installed in "/etc/ssl/certs/BLA.pem". Look's great and my first test with "wget" is positiv. I can download without "--no-check-certificate". The second test with firefox ends with "Segmentation fault (core dumped)". Firefox includes automatically certificates from "/etc/ssl/certs". Why? If I remove my certificate from "/etc/ssl/certs" and add it manually to "firefox", there are no problems! Additional info: ================ * package version(s) extra/firefox 38.0.5-1 Steps to reproduce: =================== Create a "CA-Root" certificate. Install it on the system: - sudo cp CA-root.pem /usr/share/ca-certificates/trust-source/anchors/BLA.crt - sudo update-ca-trust Start firefox, load a website which is sign by the "CA-Root" certificate. |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Friday, 03 July 2015, 00:28 GMT
Reason for closing: Fixed
Additional comments about closing: firefox 39.0-1
Friday, 03 July 2015, 00:28 GMT
Reason for closing: Fixed
Additional comments about closing: firefox 39.0-1
This is happening because the issued certificate doesn't define any extensions and Firefox before version 39 (to be released in a week from now) doesn't safeguard against this and dereferences a NULL pointer when the root certificate is considered to be "built-in". [1]
Also note that it is preferable to put custom root certificates into /etc/ca-certificates/trust-source/anchors. When placed there, they won't be considered built-in but will be labeled as "System Trust". Coincidentally, this would work around this bug and Firefox wouldn't crash.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1165911