[tor-bugs] #19963 [Internal Services/Service - trac]: Cannot login to trac through the onion service
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 19 23:40:29 UTC 2016
#19963: Cannot login to trac through the onion service
----------------------------------------------+---------------------
Reporter: cypherpunks | Owner: qbi
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Service - trac | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+---------------------
Comment (by cypherpunks):
Brainstorming:
* Patch trac to remove the "secure flag" requirement for the onion
service.
* Patch it to not require cookies (It's always annoying to log in here
because I have to go adjust browser settings, but I guess it wouldn't be
easy to patch).
* Use a self-signed certificate, but "cheat" and ship it with the Tor
Browser.
* Or make a CA constrained to torproject.org and ship that with the
browser.
* Patch the browser to set secure=1 for .onion URLs. (Proper review to
determine the security impact probably makes this not worth the effort.)
* Figure out how to get a certificate from a CA. Consider it an
experiment, and document the process so others can do the same.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19963#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list