[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16421 [Ooni]: Have ooniprobe download the TLS certificate chain

Subject: Re: [tor-bugs] #16421 [Ooni]: Have ooniprobe download the TLS certificate chain
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 22 Jun 2015 23:14:46 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 22 Jun 2015 19:14:56 -0400
In-reply-to: <043.2d5fa78c0b0b03fba713033c78571ac7@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.2d5fa78c0b0b03fba713033c78571ac7@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16421: Have ooniprobe download the TLS certificate chain
-----------------------------+---------------------
     Reporter:  dcf          |      Owner:  hellais
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Ooni         |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+---------------------

Comment (by dcf):

 An ooni-dev thread where I asked about it:
   https://lists.torproject.org/pipermail/ooni-dev/2015-June/000290.html
 The [https://github.com/TheTorProject/ooni-
 probe/blob/4fe2884b80fb91934e517f1a126fe75020f229f9/ooni/nettests/experimental/tls_handshake.py
 experimental/tls_handshake.py] nettest adds a bunch of instrumentation to
 the TLS handshake but it seems not to be run by default. I only found a
 handful of reports from 2013 using it.

 Arturo [https://lists.torproject.org/pipermail/ooni-
 dev/2015-June/000291.html points to] [https://github.com/hellais/sslpin
 sslpin] as an example of certificate pinning.

 meejah [https://lists.torproject.org/pipermail/ooni-
 dev/2015-June/000296.html points to]
 [https://github.com/meejah/carml/blob/0ed2d3e43f327e4a88e7843c702cc798381da6d9/carml/command/downloadbundle.py#L59
 manual certificate verification in carml], which builds a subclass of
 [https://twistedmatrix.com/documents/current/api/twisted.internet.ssl.ClientContextFactory.html
 twisted.internet.ssl.ClientContextFactory], which seems to get a
 certificate chain in its `__init__` method.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16421#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16421 [Ooni]: Have ooniprobe download the TLS certificate chain
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #16421 [Ooni]: Have ooniprobe download the TLS certificate chain
Next by Author: Re: [tor-bugs] #12523 [Tor Browser]: Backport Firefox patch to mark JIT pages as non-writable
Previous by thread: [tor-bugs] #16421 [Ooni]: Have ooniprobe download the TLS certificate chain
Next by thread: [tor-bugs] #16422 [- Select a component]: The Confusion Over Wrinkle Creams
Index(es):
- Author
- Thread