
[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 23247: Communicating security expectations for .onion




Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

  • 56ae0dfc
    by Pier Angelo Vendrame at 2023-12-13T16:55:36+01:00
    fixup! Bug 23247: Communicating security expectations for .onion
    
    Bug 42334: Adapt our self-signed patch to Bug 1611381
    
    Bug 1611381 introduced a few changes to catch more self-signed
    certificates. As a result, we risk accepting some cases different
    than unknown issuer for .onion certificates, such as bad signature or
    invalid use for a certificate.
    
    It makes sense to still display an error for such cases, and to keep
    accepting only unknown issuers.
    

1 changed file:

Changes:

  • security/certverifier/CertVerifier.cpp
    ... ... @@ -865,12 +865,15 @@ Result CertVerifier::VerifySSLServerCert(
    865 865
           // find other certificates with the same subject but different keys, and
    
    866 866
           // the certificate is self-signed.
    
    867 867
           if (StringEndsWith(hostname, ".onion"_ns)) {
    
    868
    -        // Self signed cert over onion is deemed secure, the hidden service
    
    869
    -        // provides authentication. We defer returning this error and keep
    
    870
    -        // processing to determine if there are other legitimate certificate
    
    871
    -        // errors (such as expired, wrong domain) that we would like to surface
    
    872
    -        // to the user
    
    873
    -        errOnionWithSelfSignedCert = true;
    
    868
    +        // Self signed cert over onion is deemed secure in some cases, as the
    
    869
    +        // onion service provides encryption.
    
    870
    +        // Firefox treats some errors as self-signed certificates and it allows
    
    871
    +        // to override them. For Onion services, we prefer being stricter, and
    
    872
    +        // we return the original errors.
    
    873
    +        // Moreover, we need also to determine if there are other legitimate
    
    874
    +        // certificate errors (such as expired, wrong domain) that we would like
    
    875
    +        // to surface to the user.
    
    876
    +        errOnionWithSelfSignedCert = rv == Result::ERROR_UNKNOWN_ISSUER;
    
    874 877
           } else {
    
    875 878
             return Result::ERROR_SELF_SIGNED_CERT;
    
    876 879
           }
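
Review bot: The new comment above the assignment at line 876 says a self-signed certificate over onion is deemed secure "in some cases" but never names the case. The code accepts only `rv == Result::ERROR_UNKNOWN_ISSUER`, so the comment should state that directly and mention that results such as bad signature or invalid use are kept as errors, as the commit message does. The .onion branch only sets the flag and has no return, so please confirm that the code following this block returns the original rv when errOnionWithSelfSignedCert is false; that is what "we return the original errors" promises, and it is not visible in this hunk. Parenthesizing the comparison, `errOnionWithSelfSignedCert = (rv == Result::ERROR_UNKNOWN_ISSUER);`, would make the assignment easier to read, and a test with an .onion certificate that fails for a reason other than unknown issuer would guard the stricter behaviour.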
    
