Bug#770508: iceweasel: cannot override certificate validation problems with mozilla::pkix, connection hangs
peter
peter.amstutz at curoverse.com
Wed Dec 3 17:15:48 UTC 2014
I found a workaround:
1. Quit iceweasel.
2. ~$ cd ~/.mozilla/firefox/xxxxx.default
3. ~/.mozilla/firefox/xxxxx.default$ mv cert8.db cert8.db.old
4. Restart iceweasel.
A coworker of mine was affected by the same problem and was able to
solve it using the above workaround.
As far as I can tell, iceweasel is recording some information about the
SSL configuration for a specific host and port in "cert8.db" (in our
case, a development instance of a web app that uses a self-signed cert
that is frequently regenerated). The information in "cert8.db" is
either corrupt or in conflict with the certificate actually provided
when the browser connects, but instead of landing at the
warning-and-override page, mozilla::pkix fails silently and the
connection attempt hangs.
So, I think there is a bug here, but seems like it might require some
deep digging to find the actual point of failure.
- Peter
More information about the pkg-mozilla-maintainers
mailing list