Re: [tor-talk] How to pin the SSL certificate for torproject.org?



On 6 July 2012 11:46,  <proper@xxxxxxxxxxxxxxx> wrote:
> A malicious certificate for torproject.org has been given out at least twice by broken certificate authorities. (Comodo, DigiNotar, who is next...)
>
> To prevent that in future, I'd like to pin the SSL certificate's fingerprint. How can that be done? Running my own local CA, or is there an easier way?

In what application?

In Chrome, your best bet would be to compile Chromium and add the
project cert into their pinned list in the code before doing so.
In Firefox, you'd probably be best served by using Convergence or
CertPatrol to verify the certificate through external validators or
notify you if the certificate changes (respectively).

In other applications: IE, wget, curl, etc. - there aren't any
'prebuilt' options - you'd have to write some sort of plugin or hook
yourself.

-tom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
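
The "hook" that the reply above says has to be written for other clients can be a fingerprint comparison performed right after the TLS handshake. The following Python sketch is an added example, not part of the original thread: the function names, the `PinMismatch` exception and the sample bytes are assumptions made for illustration, and the real pin must be obtained out of band.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the server's certificate is not in the pinned set."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pins) -> bool:
    """Accept 'AA:BB:..' or 'aabb..' pin formats and compare digests."""
    actual = fingerprint(der_cert)
    wanted = (p.replace(":", "").strip().lower() for p in pins)
    return any(hmac.compare_digest(actual, w) for w in wanted)


def connect_pinned(host: str, pins, port: int = 443, timeout: float = 10.0):
    """Open a TLS connection that must pass CA validation AND match a pin."""
    ctx = ssl.create_default_context()  # normal chain + hostname checks stay on
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not matches_pin(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise PinMismatch(f"certificate for {host} does not match any pin")
    return tls


# Constructed stand-in bytes, NOT a real certificate; lets the check run offline.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"

if __name__ == "__main__":
    good_pin = fingerprint(SAMPLE_DER)  # in practice: obtained out of band
    print(matches_pin(SAMPLE_DER, [good_pin]))
    print(matches_pin(SAMPLE_DER + b"tampered", [good_pin]))
```

Pinning the leaf certificate means the pin list has to be updated whenever the site renews its certificate, so `pins` takes several values to allow listing the replacement ahead of time.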