[tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 21 07:15:24 UTC 2018


#13410: Disable self-signed certificate warnings when visiting .onion sites
--------------------------------------+--------------------------
 Reporter:  tom                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  reopened
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 I spotted some V3 onions are using wildcard self-sign domain to sign their
 onions.

 https://yawning.torv3onionnamehere.onion/
 signed by: "*.torv3onionnamehere.onion"

 Because OpenSSL can't sign "yawning.torv3onionnamehere.onion" due to its
 maximum character length.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list