[tor-bugs] #2167 [EFF-HTTPS Everywhere]: Block during extension updating process

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Feb 16 19:31:41 UTC 2011


#2167: Block during extension updating process
-------------------------------------+--------------------------------------
  Reporter:  zep                     |              Owner:  pde
      Type:  defect                  |             Status:  new
  Priority:  major                   |          Milestone:     
 Component:  EFF-HTTPS Everywhere    |            Version:     
  Keywords:  Block updating process  |             Parent:     
    Points:                          |   Actualpointsdone:     
Pointsdone:                          |       Actualpoints:     
-------------------------------------+--------------------------------------

Comment(by doegox):

 Hi,
 I've also what I believe to be the same issue, but maybe I'm wrong and it
 deserves a separate ticket.
 Let me explain:

 Symptom: Firefox was freezing with 100% CPU every now & then since a few
 days.
 It was apparently happening every time https-everywhere extension was
 looking for update.

 I isolated the problem as following:
 * Create a new profile
 * Go to http://www.eff.org/https-everywhere
 * Install extension & restart ff
 * Go to http://www.eff.org/https-everywhere
 => it now redirects to https
 => connection untrusted (??? see below)
 => ok let's accept it
 * Tools -> Add-ons -> Find Updates
 => Freeze & 100% CPU load

 If now I remove the file cert_override.txt & restart ff
 it doesn't freeze anymore on add-ons/findupdate

 Here is a dump of the saved certificate:

 $ openssl x509 -in *.eff.org -noout -text
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             4d:d3:60:cb:cf:2b:f8:07:e3:d1:89:46:04:3e:b0:78
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA
 Limited, CN=COMODO High Assurance Secure Server CA
         Validity
             Not Before: Dec  3 00:00:00 2009 GMT
             Not After : Jan 13 23:59:59 2015 GMT
         Subject: C=US/postalCode=94110, ST=California, L=San
 Francisco/street=454 Shotwell St, O=Electronic Frontier Foundation,
 OU=Comodo PremiumSSL Wildcard, CN=*.eff.org
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (2048 bit)
                 Modulus (2048 bit):
                     00:d7:13:ba:ad:b4:50:12:5a:35:cc:33:15:16:2f:
                     94:9a:45:9e:ef:7a:dd:a8:17:33:8b:1e:4a:7f:77:
                     61:0d:fd:9e:fd:c9:85:b8:32:ba:e2:ad:6a:e6:7e:
                     3b:2d:62:9e:45:a8:3e:2e:89:8b:27:30:6e:32:4f:
                     00:76:4a:fb:1d:65:d1:5e:41:19:fb:29:24:fc:a0:
                     1e:54:96:87:59:cd:89:38:a2:54:ae:8b:39:c5:b5:
                     3b:4d:b3:d7:73:41:5b:9d:5d:c5:68:23:74:fd:e4:
                     de:78:fb:3e:7a:27:5c:98:67:1b:5b:47:0e:12:fb:
                     ae:89:7f:db:2d:cc:39:83:c9:2f:41:74:1d:83:84:
                     3f:5a:93:2f:b5:bf:e6:94:06:22:11:df:77:de:60:
                     02:0f:9d:0d:13:ec:ea:0e:ab:39:75:ac:2b:97:de:
                     04:f0:8d:fd:22:a7:53:9a:de:77:2d:6f:d3:73:7b:
                     4c:01:9a:d4:ef:89:a0:10:3a:6d:c8:33:43:51:b0:
                     83:68:3f:26:48:d5:22:a2:a0:49:bb:7a:36:fe:16:
                     54:67:08:a5:66:ef:5d:c3:7c:07:e1:d5:c5:6e:ee:
                     de:96:f9:d8:69:fd:c7:3d:ed:d6:6c:77:42:09:3c:
                     3d:12:5c:c3:83:47:d3:e2:db:fd:94:77:f3:c3:9d:
                     97:c9
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Authority Key Identifier:
 keyid:60:59:CD:80:C7:C5:E3:AB:8C:2F:FC:6B:E5:5B:0A:F5:0F:DE:4B:FF

             X509v3 Subject Key Identifier:
 95:C9:DC:8B:0C:C0:4A:DD:56:D5:66:F5:2A:F0:C0:68:9E:62:4F:A6
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client
 Authentication, Microsoft Server Gated Crypto, Netscape Server Gated
 Crypto
             X509v3 Certificate Policies:
                 Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
                   CPS: https://secure.comodo.net/CPS

             X509v3 CRL Distribution Points:
 URI:http://crl.comodoca.com/ComodoHighAssuranceSecureServerCA.crl

             Authority Information Access:
                 CA Issuers -
 URI:http://crt.comodoca.com/ComodoHighAssuranceSecureServerCA.crt
                 OCSP - URI:http://ocsp.comodoca.com

             X509v3 Subject Alternative Name:
                 DNS:*.eff.org, DNS:eff.org
     Signature Algorithm: sha1WithRSAEncryption
         81:c1:46:be:33:a8:09:a3:bd:d3:16:d5:93:30:c0:42:48:c9:
         1c:f9:cd:a7:47:f8:eb:10:6d:d3:4d:0f:f8:01:43:f2:92:d0:
         f2:90:2a:7f:85:df:53:90:63:fd:dd:48:1f:78:b0:df:0e:00:
         38:3a:00:a3:ca:50:76:e3:df:2c:49:14:d2:3d:2b:af:97:3a:
         01:1e:5b:09:12:96:2f:73:fc:b1:d4:4d:54:84:7a:be:c3:06:
         94:c3:b7:93:3c:d7:0e:4a:81:b4:3e:cc:67:bf:9e:90:91:9c:
         02:83:e2:67:e2:4d:3b:a4:e3:fb:6c:66:91:74:66:5e:ef:40:
         57:6a:7c:64:7f:45:6b:78:7f:8a:bb:33:be:fc:cb:38:f8:9d:
         9d:dc:04:68:85:57:1b:37:8f:36:a9:3f:d6:09:3b:20:49:3b:
         b5:40:31:d3:88:4b:54:58:5d:1c:66:38:f3:4a:4d:59:94:d5:
         35:e9:d9:3b:01:9c:e8:12:f2:ab:2f:b3:bd:28:23:8d:db:57:
         22:16:78:01:79:4f:48:0e:6b:31:78:1b:40:68:c8:7b:42:49:
         72:24:ca:8c:1a:94:67:f1:e1:79:05:75:54:4d:c4:3a:13:9c:
         70:ca:d4:5b:0c:21:6f:f0:e3:2a:17:d9:b6:b1:69:c5:35:2b:
         4e:ed:5e:0a

 What is strange is that if we display the cert in FF
 -> details -> Certificate Hierarchy
 -> very long chain:
 * AddTrust External CA Root
  * UTN - DATACorp SGC
   * AddTrust External CA Root
    * UTN - DATACorp SGC
     * AddTrust External CA Root
      * UTN - DATACorp SGC
       * AddTrust External CA Root
        * UTN - DATACorp SGC
         * AddTrust External CA Root
          * UTN - DATACorp SGC
           * AddTrust External CA Root
            * UTN - DATACorp SGC
             * AddTrust External CA Root
              * UTN - DATACorp SGC
               * AddTrust External CA Root
                * UTN - DATACorp SGC
                 * AddTrust External CA Root
                  * COMODO Certification Authority
                   * COMODO High Assurance Secure Server CA
                    * *.eff.org

 My Firefox version: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
 rv:1.9.2.15pre) Gecko/20110216 Namoroka/3.6.15pre
 My HTTPS-Everywhere version: 0.9.4

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2167#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list