[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #19994 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Forwards URLs with dedicated port number which causes breakage

Subject: [tor-bugs] #19994 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Forwards URLs with dedicated port number which causes breakage
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 26 Aug 2016 07:23:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 26 Aug 2016 03:23:18 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#19994: Forwards URLs with dedicated port number which causes breakage
-------------------------------------------------------+------------------
     Reporter:  hanno                                  |      Owner:  jsha
         Type:  defect                                 |     Status:  new
     Priority:  Medium                                 |  Milestone:
    Component:  HTTPS Everywhere/EFF-HTTPS Everywhere  |    Version:
     Severity:  Normal                                 |   Keywords:
Actual Points:                                         |  Parent ID:
       Points:                                         |   Reviewer:
      Sponsor:                                         |
-------------------------------------------------------+------------------
 I recently stumbled upon someone linking his pgp key to an url at
 pgp.mit.edu like this one:
 http://pgp.mit.edu:11371/

 Now HTTPS Everywhere has pgp.mit.edu listed as an https url, therefore it
 tries to forward it. However there is no reasonable way to forward such an
 URL, as it has a dedicated port number. HTTPS everywhere tries to forward
 it to this:
 https://pgp.mit.edu:11371/

 This obviously does not work, as it is now trying to connect via TLS on
 the same port that an HTTP server is running.

 In this case it would work to forward to the "normal" https port, aka:
 https://pgp.mit.edu/
 But this is merely a very special situation, because it seems for
 pgp.mit.edu the same service is running on the normal 80/443 http/https
 ports.

 I think the general solution should be to never forward URLs that have a
 specific port set.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19994>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #15852 [Applications/Tor Browser]: Remove/synchronize Torbutton SOCKS pref logic
Next by Author: Re: [tor-bugs] #17244 [Applications/Tor Browser]: Low entropy PRNG usage in Tor Browser?
Previous by thread: [tor-bugs] #19993 [- Select a component]: Thunder Rock Male Enhancement
Next by thread: Re: [tor-bugs] #2903 [Applications/Torbutton]: Loading a startup page is not working properly
Index(es):
- Author
- Thread