Re: [tor-bugs] #25346 [Obfuscation/Snowflake]: Adapt snowflake-server to use ACME HTTP-01 challenge for automatic certificates
#25346: Adapt snowflake-server to use ACME HTTP-01 challenge for automatic
certificates
-----------------------------------+------------------------------
Reporter: dcf | Owner: (none)
Type: defect | Status: needs_review
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------------
Changes (by dcf):
* status: new => needs_review
Comment:

Here is a simple patch. I started this running on
https://snowflake.bamsoftware.com/ and it just issued a fresh certificate.

Because the SNI-based ACME challenge needed HTTPS on port 443, and we were
going to be listening with HTTPS on other ports anyway, the way it was
formerly handled is that if there was no listener for port 443, we just
opened an additional one (as if the parent process had given us an
additional bindaddr).

Now we do something similar, except the additional listener we open on
port 80 only handles HTTP-01 messages; it doesn't implement WebSocket and
can't be used to reach tor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25346#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
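
The port 80 behaviour described in the comment above, as an added example that is not the snowflake-server patch or any code from the ticket: a handler that answers only HTTP-01 validation requests and refuses everything else, WebSocket upgrade attempts included. The `challengeHandler` type, the `probe` helper and the token values are assumptions made for illustration, and only the Go standard library is used.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// challengePrefix is the fixed HTTP-01 path from RFC 8555, section 8.3.
const challengePrefix = "/.well-known/acme-challenge/"

// challengeHandler maps a pending token to its key authorization.
// Hypothetical type: a real ACME client fills this while an order is open.
type challengeHandler map[string]string

// ServeHTTP serves nothing but HTTP-01 responses, so a listener using it
// on port 80 exposes no proxy or WebSocket functionality.
func (h challengeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet || !strings.HasPrefix(r.URL.Path, challengePrefix) {
		http.Error(w, "only ACME HTTP-01 is served here", http.StatusNotFound)
		return
	}
	keyAuth, ok := h[strings.TrimPrefix(r.URL.Path, challengePrefix)]
	if !ok {
		http.NotFound(w, r) // unknown or expired token
		return
	}
	w.Header().Set("Content-Type", "application/octet-stream")
	fmt.Fprint(w, keyAuth)
}

// probe sends one in-memory GET to the handler and returns status and body.
func probe(h http.Handler, path string, hdr map[string]string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	for k, v := range hdr {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	// Constructed token and key authorization, not real ACME values.
	h := challengeHandler{"tok123": "tok123.thumbprint"}
	fmt.Println(probe(h, challengePrefix+"tok123", nil))
	ws := map[string]string{"Upgrade": "websocket", "Connection": "Upgrade"}
	fmt.Println(probe(h, "/", ws)) // upgrade attempt is refused with 404
}
```

In a deployment the handler would be passed to `http.ListenAndServe(":80", h)`, kept separate from the HTTPS listeners that carry WebSocket traffic.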