[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #12643 [Ooni]: Add service_identity to requirements.txt
#12643: Add service_identity to requirements.txt
-----------------------+-------------------------
Reporter: earthrise | Owner: hellais
Type: defect | Status: new
Priority: normal | Milestone:
Component: Ooni | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-----------------------+-------------------------
There's a warning message when Ooni starts on mlab1:
{{{
/home/mlab_ooni/lib/python2.6/site-
packages/Twisted-14.0.0-py2.6-linux-i686.egg/twisted/internet/_sslverify.py:184:
UserWarning: You do not have the service_identity module installed. Please
install it from <https://pypi.python.org/pypi/service_identity>. Without
the service_identity module and a recent enough pyOpenSSL tosupport it,
Twisted can perform only rudimentary TLS client hostnameverification.
Many valid certificate/hostname mappings may be rejected.
verifyHostname, VerificationError = _selectVerifyImplementation()
}}}
It's because requirements.txt is missing service_identity. I think it's a
security issue because it has to do with certificate validation, and the
service_identity page says:
'''ÂÂÂÂÂÂÂÂÂÂ "TL;DR''': Use this package if you use
[https://pypi.python.org/pypi/pyOpenSSL/ pyOpenSSL] and donât want to be
[http://en.wikipedia.org/wiki/Man-in-the-middle_attack MITM]ed."
This is being tracked for M-Lab in: !https://github.com/m-lab-tools/ooni-
support/issues/41
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12643>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs