[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] x509 cert mismatch gmail badexit

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] x509 cert mismatch gmail badexit
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Wed, 18 Jan 2012 21:43:38 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Jan 2012 21:43:56 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=EYNlXJIiRodfvgbkNZRic/29ncXNV/JoETYAio2bX9c=; b=vUGjgdSk4x2FNYQdmzZVP1+M8q6vXRJF1EZ2012lII8s+O9+tpv1HsaOVeNx5/zAqk 53ZEdWzoFrw3mm7CyOcyN+STZis0rqOoBbtSsVQ4oJDcr3+yuTeG7RoXwBob+HlMddLM hUsRB3QJoCvXneYIx04P1wRo59Y3CFtYi8Xuw=
In-reply-to: <CAMfhd9VoDJWb+WPjPH13RpVAzW=m7yzqQyoO4nNfm-1_5deqgQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAD2Ti2_H4eTUyUgmKRH_jb1maKxQxFDvB1AspMj922gh+EZsbg@xxxxxxxxxxxxxx> <CAMfhd9VoDJWb+WPjPH13RpVAzW=m7yzqQyoO4nNfm-1_5deqgQ@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

> If you get strange Google certs, please report them to me including the full
> PEM chain (openssl s_client -showcerts will output them.)

Yeah, x509 is no problem. Now if Tor would have a config
option to log just the socks_request that was made to the exit_node that
was used, that would make things easy. I'd log all my stuff because it's
immensely useful, especially with 'Tamper Data' and packet tools.

As it is now, either:
- hopping manually into the Tor console is too late because the data expired.
- we have to console log two things and trim a lot of fat to get the pairing.
usefeature extended_events
usefeature verbose_names
setevents circ
setevents stream
getinfo circuit-status
getinfo stream-status

Unless we're already watching the console, much easier to just newnym and
forget it. Something like 'LogReq2Exit <file|facility:level>' would be nice.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] x509 cert mismatch gmail badexit
  - From: grarpamp

Prev by Author: [tor-talk] x509 cert mismatch gmail badexit
Next by Author: [tor-talk] x509 cert mismatch gmail badexit
Previous by thread: [tor-talk] x509 cert mismatch gmail badexit
Next by thread: [tor-talk] x509 cert mismatch gmail badexit
Index(es):
- Author
- Thread