[tor-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 30 20:43:01 UTC 2018
#26456: HTTP .onion sites inherit previous page's certificate information
--------------------------------------------+------------------------------
Reporter: pospeselr | Owner: pospeselr
Type: defect | Status: needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, TorBrowserTeam201807 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+------------------------------
Changes (by gk):
* status: needs_revision => needs_review
* cc: mcs, brade, arthuredelstein (added)
Comment:
Replying to [comment:7 pospeselr]:
> So (in the original code) the updateStatus flag does 2 things:
> - first, it's used to determine whether mSSLStatus needs to be updated
> with the new cert info if the incoming info (nsISupports) is an
> nsISSLStatus
> - second, it's passed on down to UpdateSecurityState where it is OR'd
> with other flags to determine whether a notification needs to go out that
> security info has changed.
>
> If the 'STATE_IS_SECURE' flag is set, then the mSSLStatus is cleared out
> later on in UpdateSecurityState. The changes in the patch force the
> mSSLStatus to get null'd out early since the later check will fail because
> onion domains get the 'STATE_IS_SECURE' flag, even without SSL info.
>
> The patch makes it so HTTP onion pages clear out the mSSLStatus based on
> whether 'info' is an nsISSLStatusProvider. For vanilla HTTP pages,
> mSSLStatus is now cleared out twice: once based on 'info' (as with HTTP
> onion pages) and once again when the security flags change to
> 'lis_no_security'.
Thanks for the explanation.
> That all said, I'll run this (and the previous patch) through the
> firefox try server and verify we haven't broken anything.
How did it go?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
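
The stale-certificate condition discussed in this ticket, as an added example that is not part of the original message and is not Firefox or Tor Browser code. It is a simplified model: `SecureUI`, `Info`, `Evaluate`, `HandleNewInfo` and `CertAfterHttpNavigation` are hypothetical names, the certificate string is constructed, and the rule that the late clear is skipped for loads rated secure is an assumption drawn from the explanation quoted above.

```cpp
// Simplified model of the flow described in the thread (added example).
#include <string>

enum State { STATE_IS_INSECURE, STATE_IS_SECURE };

struct Info {            // stands in for the incoming 'info'
    bool isOnion;        // destination is a .onion host
    std::string cert;    // TLS status carried by the load; empty if none
};

struct SecureUI {
    std::string mSSLStatus;   // cert info shown for the current page
    bool patched;
    explicit SecureUI(bool p) : patched(p) {}

    // Assumption: onion loads are rated secure even without TLS info.
    static State Evaluate(const Info& info) {
        return (!info.cert.empty() || info.isOnion) ? STATE_IS_SECURE
                                                    : STATE_IS_INSECURE;
    }
    void UpdateSecurityState(State s) {
        // Late clear, skipped whenever the new state is rated secure.
        if (s != STATE_IS_SECURE) mSSLStatus.clear();
    }
    void HandleNewInfo(const Info& info) {   // hypothetical entry point
        if (!info.cert.empty())
            mSSLStatus = info.cert;          // new cert replaces the old one
        else if (patched)
            mSSLStatus.clear();              // early clear: no TLS status on this load
        UpdateSecurityState(Evaluate(info));
    }
};

// Cert info left in the UI after an HTTPS page is followed by an HTTP page.
std::string CertAfterHttpNavigation(bool patched, bool toOnion) {
    SecureUI ui(patched);
    Info https = {false, "CN=example.com (constructed)"};
    Info http = {toOnion, ""};
    ui.HandleNewInfo(https);
    ui.HandleNewInfo(http);
    return ui.mSSLStatus;
}
```

A regression test for this class of bug should assert on the displayed certificate after the navigation, not only on the security state flag, since the flag is the same in the broken and fixed cases.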