moxie0 / Convergence

An agile, distributed, and secure alternative to the Certificate Authority system.
http://convergence.io

Error: cannot get contents of undefined size #135

Open mutantmonkey opened 12 years ago

mutantmonkey commented 12 years ago

Starting with Convergence 0.09, I have difficulty connecting to a number of HTTPS sites, including Remember the Milk and Github. I had no problems with Convergence 0.08, which I manually updated to run on Firefox 9.x.

I am running Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1. This problem doesn't appear to be affected by any one particular notary, but I will do some more testing to confirm this; it also occurs with and without notary bouncing enabled.

The console output I get from Convergence looks like this:

Spawning connectionworker...
Posted message to ConnectionWorker!
ConnectionWorker got message...
Failed to find mozsqlite3 in installed directory, checking system paths for sqlite3.
Deserializing across transport: notary.thoughtcrime.org : 80
Deserializing across transport: notary2.thoughtcrime.org : 80
Deserializing across transport: notary-us.convergence.qualys.com : 80
Deserializing across transport: notary-eu.convergence.qualys.com : 80
Deserializing across transport: notary.vtcybersecurity.org : 8080
Deserializing across transport: notary.mutantmonkey.in : 2080
Reading http headers...
Reading from FD: PRFileDesc.ptr(ctypes.UInt64("0x7f915bbf6e50"))
Total headers: CONNECT www.rememberthemilk.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Proxy-Connection: keep-alive
Host: www.rememberthemilk.com

Read http headers: CONNECT www.rememberthemilk.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Proxy-Connection: keep-alive
Host: www.rememberthemilk.com

Calculating PKI root...
Certificate signature status: 0
Certificate chain length: 4
Root DER certificate: SECItem(0, ctypes.unsigned_char.ptr(ctypes.UInt64("0x7f914e8d8478")), 606)
Root certificate: CERTCertificate.ptr(ctypes.UInt64("0x7f91544ec020"))
Root name: GTE CyberTrust Solutions, Inc.
Got slots: PK11SlotList.ptr(ctypes.UInt64("0x7f913f6216a0"))
SlotNode: PK11SlotListElement.ptr(ctypes.UInt64("0x7f913f621700"))
 Token: Builtin Object Token
ConnectionWorker exception : Error: cannot get contents of undefined size , ([object CData])@chrome://convergence/content/ssl/CertificateInfo.js:84
CertificateInfo([object CData])@chrome://convergence/content/ssl/CertificateInfo.js:42
([object MessageEvent])@chrome://convergence/content/workers/ConnectionWorker.js:116

moxie0 commented 12 years ago

Hmm, strange. That code section is concerned with determining whether a certificate is a user-added root. Do you have anything unusual going on there? Possibly a hardware certificate slot or something?

http://www.thoughtcrime.org

On 01/02/2012 12:10 AM, mutantmonkey wrote:


mutantmonkey commented 12 years ago

I don't have a hardware certificate slot, but I did remove all the "Software Security Devices" (user-added roots) from my Firefox preferences and the problem seems to have resolved itself. I also did not see the problem with a clean profile.

So it appears that this problem is related to user-added roots.

mutantmonkey commented 12 years ago

So, I may have spoken too soon previously. After removing user-added roots, I was still unable to access Google. I ended up deleting cert8.db, key3.db, cert8.dr, and cert_override.txt from my Firefox profile and everything works fine. I imagine there was probably some accumulated cruft either from certificate exceptions or roots I distrusted prior to installing Convergence.

moxie0 commented 12 years ago

Well shit, can you still recreate it? We should try to fix the code. There are two function calls on that line, it'd be worth breaking them out to see which is causing the problem. My hope is that readString() is being called on a null pointer or something.

http://www.thoughtcrime.org

On 01/02/2012 01:27 AM, mutantmonkey wrote:


mutantmonkey commented 12 years ago

It appears that cert8.db is the responsible file. Here's a copy: http://mutantmonkey.in/files/cert8.db

manpages commented 12 years ago

@mutantmonkey 403 :(

mutantmonkey commented 12 years ago

Whoops, should work now. I also had this happen on another profile with a similar configuration and can provide that cert8.db as well if needed.

manpages commented 12 years ago

@mutantmonkey 200 :)

doegox commented 12 years ago

Hi, I got the same kind of error. Error occurs on my own website https://www.yobi.be, using a CACert.org certificate. Trying to access https://www.cacert.org gives me the same error...

CACert root certs are installed in my browser as "software security device". After deleting them, the error goes away. I've backups, if you need them.

The error details:

Handling accept event...
ShuffleWorker accepted connection: 0x7f2952fc5b50
Spawning connectionworker...
Posted message to ConnectionWorker!
ConnectionWorker got message...
Failed to find mozsqlite3 in installed directory, checking system paths for sqlite3.
Failed to find standard sqlite3 permutations, checking debian-specific libsqlite3.so.0.
Deserializing across transport: notary.thoughtcrime.org : 80
Deserializing across transport: notary2.thoughtcrime.org : 80
Deserializing across transport: notary-us.convergence.qualys.com : 80
Deserializing across transport: notary-eu.convergence.qualys.com : 80
Reading http headers...
Reading from FD: PRFileDesc.ptr(ctypes.UInt64("0x7f2952fc5b50"))
Total headers: CONNECT www.yobi.be:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 Iceweasel/10.0
Proxy-Connection: keep-alive
Host: www.yobi.be

Read http headers: CONNECT www.yobi.be:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 Iceweasel/10.0
Proxy-Connection: keep-alive
Host: www.yobi.be

Calculating PKI root...
Certificate signature status: 0
Certificate chain length: 3
Root DER certificate: SECItem(0, ctypes.unsigned_char.ptr(ctypes.UInt64("0x7f292b2ee020")), 1857)
Root certificate: CERTCertificate.ptr(ctypes.UInt64("0x7f29282f5020"))
Root name: http://www.cacert.org
Got slots: PK11SlotList.ptr(ctypes.UInt64("0x7f29248b3440"))
SlotNode: PK11SlotListElement.ptr(ctypes.UInt64("0x7f29248b3540"))
Token: Builtin Object Token
ConnectionWorker exception : Error: cannot get contents of undefined size , ([object CData])@chrome://convergence/content/ssl/CertificateInfo.js:84
CertificateInfo([object CData])@chrome://convergence/content/ssl/CertificateInfo.js:42
([object MessageEvent])@chrome://convergence/content/workers/ConnectionWorker.js:116
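
For comparing reports like the two in this thread, here is an added triage example (not part of the Convergence code base or of any comment above). It parses Convergence console output and extracts the CONNECT target, root name, last token logged before the exception, and the throwing frame. The function names are hypothetical and the sample logs are abridged from the output posted in this thread.

```javascript
// Added example: summarise Convergence console output around a ConnectionWorker exception.
function parseFrame(frame) {
  const m = /@(chrome:\/\/\S+):(\d+)$/.exec(frame);
  return m ? { file: m[1], line: Number(m[2]) } : { file: frame, line: null };
}

function triageLog(text) {
  const r = { target: null, chainLength: null, rootName: null, lastToken: null, error: null, frames: [] };
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if (r.error !== null) {
      // After the exception line, remaining chrome:// lines are stack frames.
      if (line.includes("@chrome://")) r.frames.push(parseFrame(line));
    } else if ((m = /^(?:Total headers|Read http headers): CONNECT (\S+) HTTP\//.exec(line))) {
      r.target = m[1];
    } else if ((m = /^Certificate chain length: (\d+)$/.exec(line))) {
      r.chainLength = Number(m[1]);
    } else if ((m = /^Root name: (.+)$/.exec(line))) {
      r.rootName = m[1];
    } else if ((m = /^Token: (.+)$/.exec(line))) {
      r.lastToken = m[1]; // most recent slot token logged before any failure
    } else if ((m = /^ConnectionWorker exception : (.*?)\s*,\s*(.+)$/.exec(line))) {
      r.error = m[1];
      r.frames.push(parseFrame(m[2]));
    }
  }
  return r;
}

// True when every report threw at the same top frame after logging the same token.
function sameFailurePoint(reports) {
  const key = (r) => (r.frames.length ? `${r.lastToken}|${r.frames[0].file}:${r.frames[0].line}` : null);
  return reports.length > 0 && key(reports[0]) !== null && reports.every((r) => key(r) === key(reports[0]));
}

// Sample input: abridged from the two console logs posted in this thread.
const sample = (host, n, root) => `Total headers: CONNECT ${host}:443 HTTP/1.1
Certificate chain length: ${n}
Root name: ${root}
Token: Builtin Object Token
ConnectionWorker exception : Error: cannot get contents of undefined size , ([object CData])@chrome://convergence/content/ssl/CertificateInfo.js:84
CertificateInfo([object CData])@chrome://convergence/content/ssl/CertificateInfo.js:42`;
const LOGS = [sample("www.rememberthemilk.com", 4, "GTE CyberTrust Solutions, Inc."),
              sample("www.yobi.be", 3, "http://www.cacert.org")];
console.log(LOGS.map(triageLog), sameFailurePoint(LOGS.map(triageLog)));
```

Run against both reports, the summary shows different roots and chain lengths but the same top frame and the same last token.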