[tor-bugs] #25346 [Obfuscation/Snowflake]: Adapt snowflake-server to use ACME HTTP-01 challenge for automatic certificates
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 6 01:26:43 UTC 2018
#25346: Adapt snowflake-server to use ACME HTTP-01 challenge for automatic
certificates
-----------------------------------+------------------------------
 Reporter:  dcf                    |          Owner:  (none)
     Type:  defect                 |         Status:  needs_review
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------------
Changes (by dcf):
* status: new => needs_review
Comment:
Here is a simple patch. I started this running on
https://snowflake.bamsoftware.com/ and it just issued a fresh certificate.

Because the SNI-based ACME challenge needed HTTPS on port 443, and we were
going to be listening with HTTPS on other ports anyway, the way it was
formerly handled is that if there was no listener for port 443, we just
opened an additional one (as if the parent process had given us an
additional bindaddr).

Now we do something similar, except the additional listener we open on
port 80 only handles HTTP-01 messages; it doesn't implement WebSocket and
can't be used to reach tor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25346#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
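
The port-80 behaviour described in the comment above, as an added example that is not snowflake-server's code and not part of the ticket: a standard-library Go handler that answers only HTTP-01 challenge requests and returns 404 for everything else, including WebSocket upgrades. The `challengeOnly` type, the `probe` helper and the token values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Path prefix that RFC 8555 section 8.3 fixes for HTTP-01 validation.
const challengePrefix = "/.well-known/acme-challenge/"

// challengeOnly maps a challenge token to its key authorization (hypothetical
// store; an ACME client would fill it while an order is pending).
type challengeOnly map[string]string

// ServeHTTP serves plain GETs for known tokens. Everything else, including
// WebSocket upgrade requests, gets 404, so the port cannot relay traffic.
func (c challengeOnly) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	token := strings.TrimPrefix(r.URL.Path, challengePrefix)
	keyAuth, known := c[token]
	if r.Method != http.MethodGet || r.Header.Get("Upgrade") != "" ||
		!strings.HasPrefix(r.URL.Path, challengePrefix) || !known {
		http.NotFound(w, r)
		return
	}
	w.Header().Set("Content-Type", "application/octet-stream")
	fmt.Fprint(w, keyAuth)
}

// probe sends one request through the handler and returns status and body.
func probe(h http.Handler, method, path string, hdr map[string]string) (int, string) {
	req := httptest.NewRequest(method, path, nil)
	for k, v := range hdr {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	h := challengeOnly{"tokA": "tokA.thumbB"} // constructed sample values
	fmt.Println(probe(h, "GET", challengePrefix+"tokA", nil))
	fmt.Println(probe(h, "GET", "/", map[string]string{"Upgrade": "websocket"}))
}
```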