[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation



#3754: SafeCache implementation breaks OCSP validation
---------------------------------------------+------------------------------
 Reporter:  gk                               |          Owner:  mikeperry     
     Type:  defect                           |         Status:  new           
 Priority:  major                            |      Milestone:                
Component:  TorBrowserButton                 |        Version:  Torbutton: 1.4
 Keywords:  MikePerryIterationFires20110911  |         Parent:                
   Points:                                   |   Actualpoints:                
---------------------------------------------+------------------------------

Comment(by mikeperry):

 Ok, the string did not solve the issue...

 Monitoring about:cache definitely shows that without safecache, the ocsp
 requests are getting a postID prepended, and it is a very high value (the
 internal use of mPostID increments starting from 0). Perhaps the OCSP
 support is also abusing the cacheKey for internal use? But that still
 doesn't explain why leaving it alone and appending a different string at
 the end of the cache key makes a difference...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3754#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs