[tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 26 21:19:40 UTC 2020
#13410: Disable self-signed certificate warnings when visiting .onion sites
--------------------------------------------+------------------------------
Reporter: tom | Owner: pospeselr
Type: defect | Status: needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, TorBrowserTeam202002R | Actual Points:
Parent ID: #30025 | Points:
Reviewer: | Sponsor:
| Sponsor27-must
--------------------------------------------+------------------------------
Changes (by pospeselr):
* keywords: ux-team => ux-team, TorBrowserTeam202002R
* status: assigned => needs_review
Comment:
A surprisingly small patch seems to work for the scenarios we care about,
and does nothing to the existing vanilla HTTPS website handling.
Scenarios tested:
|| Scenario Name || Result ||
|| HTTP Onion || Onion Icon ||
|| HTTPS Onion Self-Signed || Onion Icon ||
|| HTTPS Onion Unknown CA || Onion Icon ||
|| HTTPS Onion EV || Onion Icon + EV Name ||
|| HTTPS Onion Wrong Domain || Onion Warning Icon, Warning Splash Screen
||
|| HTTPS Onion Expired Self-Signed Cert || Onion Warning Icon, Warning
Splash Screen ||
|| HTTP(S) Onion + HTTP Script || Onion Slash Icon ||
|| HTTP(S) Onion + HTTP Content || Onion Warning Icon ||
|| HTTP(S) Onion + HTTPS Content || Onion Icon ||
|| HTTPS Onion + HTTP Form || Onion Ion + Warning Popup on Form Submit ||
HTTP Onion + HTTP Form does not give the warning popup and is tracked to
be fixed in #33298
tor-browser: https://gitweb.torproject.org/user/richard/tor-
browser.git/commit/?h=bug_13410_v1
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list