
Re: [tor-bugs] #9713 [EFF-HTTPS Everywhere]: Users report HTTPS Everywhere 0.development.11 in some sort of clients1.google.com loop?



#9713: Users report HTTPS Everywhere 0.development.11 in some sort of
clients1.google.com loop?
--------------------------------------+----------------------
     Reporter:  erinn                 |      Owner:  micahlee
         Type:  defect                |     Status:  assigned
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by cypherpunks):

 Replying to [comment:3 erinn]:
 > I still haven't been able to trigger it at all. FWIW, I'm using Debian (unstable).

 Further to [comment:2 comment 2], I've tried Debian Testing amd64 in
 VirtualBox.  The problem is identical.  I've even dug up an ancient, much
 slower Windows XP machine, and it's just the same there.  So, it doesn't
 seem to be a timing issue.

 Erinn, I've got to ask: Do you have Online Certificate Status Protocol
 disabled in your Tor Browser?  That, of course, also stops the problem
 from occurring.

 I've now had a look at the Google Services ruleset.  It does re-write for
 the clients1.google.com domain.
 {{{
         <rule from="^http://(apis|appengine|books|calendar|cbks0|checkout|chrome|clients[12]|code|[\w-]+\.corp|developers|dl|docs\d?|drive|encrypted|encrypted-tbn[123]|feedburner|fiber|gg|glass||health|helpouts|history|(?:hosted)?talkgadget|investor|lh\d|(?:chatenabled\.)?mail|pack|pki|play|plus(?:\.sandbox)?|plusone|productforums|profiles|safebrowsing-cache|cert-test\.sandbox|sb-ssl|script|security|servicessites|sites|spreadsheets\d?|support|talk|tools)\.google\.com/"
                 to="https://$1.google.com/" />
 }}}
 I edited that rule to remove "clients[12]|", put an edited copy of the
 ruleset in the HTTPSEverywhereUserRules directory in Tor Browser's profile
 and disabled the copy built in to the extension.  The problem went away.

 I don't think HTTPS Everywhere should be touching any of the requests that
 are part of OCSP.  All responses that are not error codes are signed
 anyway.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9713#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
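
The rule edit described in the comment above, as an added example that is not part of the ticket or of the HTTPS Everywhere code base: it applies the quoted rule to request URLs and lists the OCSP URLs each version of the rule would rewrite. The helper names and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: apply an HTTPS Everywhere-style rule to request URLs and
// flag rewrites that would touch OCSP traffic. Helper names are hypothetical.

// "from"/"to" copied from the Google Services rule quoted in the comment.
const googleRule = {
  from: String.raw`^http://(apis|appengine|books|calendar|cbks0|checkout|chrome|clients[12]|code|[\w-]+\.corp|developers|dl|docs\d?|drive|encrypted|encrypted-tbn[123]|feedburner|fiber|gg|glass||health|helpouts|history|(?:hosted)?talkgadget|investor|lh\d|(?:chatenabled\.)?mail|pack|pki|play|plus(?:\.sandbox)?|plusone|productforums|profiles|safebrowsing-cache|cert-test\.sandbox|sb-ssl|script|security|servicessites|sites|spreadsheets\d?|support|talk|tools)\.google\.com/`,
  to: "https://$1.google.com/",
};

// Constructed sample URLs (assumptions, not taken from the ticket).
const OCSP_URLS = ["http://clients1.google.com/ocsp", "http://ocsp.example.net/"];
const OTHER_URLS = ["http://mail.google.com/mail/"];

// Return the rewritten URL, or null when the rule leaves the URL alone.
function rewrite(rule, url) {
  const re = new RegExp(rule.from);
  return re.test(url) ? url.replace(re, rule.to) : null;
}

// Mirror the manual edit from the comment: delete one literal alternative.
function dropAlternative(rule, alternative) {
  if (!rule.from.includes(alternative)) {
    throw new Error(`alternative not found: ${alternative}`);
  }
  return { ...rule, from: rule.from.replace(alternative, "") };
}

// List the OCSP URLs a rule would rewrite; an empty list is the goal.
function auditOcsp(rule, ocspUrls) {
  return ocspUrls.filter((url) => rewrite(rule, url) !== null);
}

const editedRule = dropAlternative(googleRule, "clients[12]|");
for (const [name, rule] of [["shipped", googleRule], ["edited", editedRule]]) {
  console.log(name, "rewrites OCSP URLs:", auditOcsp(rule, OCSP_URLS));
  console.log(name, "still upgrades:", OTHER_URLS.map((u) => rewrite(rule, u)));
}
```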