[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 03 Sep 2011 00:41:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Sep 2011 20:41:18 -0400
In-reply-to: <042.020d8dec9189af5d23071a8192a5e47d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.020d8dec9189af5d23071a8192a5e47d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3754: SafeCache implementation breaks OCSP validation
---------------------------------------------+------------------------------
 Reporter:  gk                               |          Owner:  mikeperry     
     Type:  defect                           |         Status:  new           
 Priority:  major                            |      Milestone:                
Component:  TorBrowserButton                 |        Version:  Torbutton: 1.4
 Keywords:  MikePerryIterationFires20110911  |         Parent:                
   Points:                                   |   Actualpoints:                
---------------------------------------------+------------------------------

Comment(by mikeperry):

 Ok, the string did not solve the issue...

 Monitoring about:cache definitely shows that without safecache, the ocsp
 requests are getting a postID prepended, and it is a very high value (the
 internal use of mPostID increments starting from 0). Perhaps the OCSP
 support is also abusing the cacheKey for internal use? But that still
 doesn't explain why leaving it alone and appending a different string at
 the end of the cache key makes a difference...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3754#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #3913 [Tor bundles/installation]: Enable pipelining
Next by Author: Re: [tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation
Previous by thread: Re: [tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation
Next by thread: Re: [tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation
Index(es):
- Author
- Thread