Open Radar

 
Summary:
Safari 5.1 running on a 10.6.8 machine crashes when attempting to load a web page that requires the use of a Kerberos Certificate Authority (KCA) for authentication.

Steps to Reproduce:
To reproduce this bug, you will need to have a Kerberos Certificate Authority infrastructure in place, though it might also fail with any x509 certificate infrastructure. You will also need a Mac running 10.6.8 with all security and Java updates current as of 7/21/11

1. Obtain a valid KCA certificate.
2. Import the certificate into user keychain using Keychain Access and set trust values for certificate to "Allows 
3. Launch Safari 5.1
4. Navigate to a site that requires authenticating with a KCA certificate

At this point, Safari 5.1 will crash.

Expected Results:
Under previous versions of Safari 5.0.x, upon landing at the site, Safari would either display a prompt asking which certificate to use for authentication or would automatically proceed if a certificate had previously been declared.

Have duplicate the results on multiple machines running both Mac OS X and Mac OS X Server 10.6.8.
Have duplicated the results with WebKit nightly download build r91478

Safari 5.1 (7534.50) running on a Windows 7 PC correctly uses certificate authentication and successfully loads sites.

Google Chrome 12.0.742.122, another WebKit browser, successfully recognizes certificates and correctly loads all pages without crash or error.

Problem appears confined to Macs running 10.6.8 and Safari 5.1.

The five attached files are are an Apple System Profiler Report, two Safari crash logs and two Instruments trace files run during crashes.

Notes:
Information about KCAs: http://computing.fnal.gov/xms/Services/Getting_Services/Certificates/what_is_a_certificate

See also Webkit bug 64977