[tor-bugs] #9713 [EFF-HTTPS Everywhere]: Users report HTTPS Everywhere 0.development.11 in some sort of clients1.google.com loop?

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 11 23:00:08 UTC 2013 

#9713: Users report HTTPS Everywhere 0.development.11 in some sort of
clients1.google.com loop?
--------------------------------------+----------------------
     Reporter:  erinn                 |      Owner:  micahlee
         Type:  defect                |     Status:  assigned
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by cypherpunks):

 Replying to [comment:3 erinn]:
 > I still haven't been able to trigger it at all. FWIW, I'm using Debian
 (unstable).
 [[BR]]
 Further to [comment:2 comment 2], I've tried Debian Testing amd64 in
 VirtualBox.  The problem is identical.  I've even dug up an ancient, much
 slower Windows XP machine, and it's just the same there.  So, it doesn't
 seem to be a timing issue.

 Erinn, I've got to ask: Do you have Online Certificate Status Protocol
 disabled in your Tor Browser?  That, of course, also stops the problem
 from occurring.

 I've now had a look at the Google Services ruleset.  It does re-write for
 the clients1.google.com domain.
 {{{
         <rule
 from="^http://(apis|appengine|books|calendar|cbks0|checkout|chrome|clients[12]|code|[\w-]+\.corp|developers|dl|docs\d?|drive|encrypted
 |encrypted-
 tbn[123]|feedburner|fiber|gg|glass||health|helpouts|history|(?:hosted)?talkgadget|investor|lh\d|(?:chatenabled\.)?mail|pack|pki|play|plus(?:\.sandbox)?|plusone|productforums|profiles
 |safebrowsing-cache|cert-test\.sandbox|sb-
 ssl|script|security|servicessites|sites|spreadsheets\d?|support|talk|tools)\.google\.com/"
                 to="https://$1.google.com/" />
 }}}
 I edited that rule to remove "clients[12]|", put an edited copy of the
 ruleset in the HTTPSEverywhereUserRules directory in Tor Browser's profile
 and disabled the copy built in to the extension.  The problem went away.

 I don't think HTTPS Everywhere should be touching any of the requests that
 are part of OCSP.  All responses that are not error codes are signed
 anyway.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9713#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list