[tbb-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 17 17:05:41 UTC 2018
#26456: HTTP .onion sites inherit previous page's certificate information
--------------------------------------------+------------------------------
Reporter: pospeselr | Owner: pospeselr
Type: defect | Status:
| needs_revision
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, TorBrowserTeam201807 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+------------------------------
Changes (by gk):
* keywords: ff60-esr, TorBrowserTeam201807R => ff60-esr,
TorBrowserTeam201807
* status: needs_review => needs_revision
Comment:
One nit and one concern/question. The nit:
{{{
if(mSSLStatus != nullptr) {
}}}
please add a whitespace after `if`.
So, the current code seems to keep the `mSSLStatus` as-is in case `if
(sp)` is `false`. I wonder if that is intentional and a use-case we should
keep in mind (your patch is essentially getting rid of that possibility).
Is there a way we can reach that scenario? It seems to me the answer is
"Yes", just by looking at the way the code is written. However, I am not
sure which transition from load A to load B would match this in reality.
It worries me that we are missing something here, so it might be worth
double-checking.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list