[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.0-1] fixup! Bug 23247: Communicating security expectations for .onion

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Wed Dec 13 16:34:26 UTC 2023 


Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser


Commits:
d8b47d80 by Pier Angelo Vendrame at 2023-12-13T17:34:16+01:00
fixup! Bug 23247: Communicating security expectations for .onion

Bug 42334: Adapt our self-signed patch to Bug 1611381

Bug 1611381 introduced a few changes to catch more self-signed
certificates. As a result, we risk of accepting some cases different
than unknown issuer for .onion certificates, such as bad signature or
invalid use for a certificate.

It makes sense to still display an error for such cases, and to keep
accepting only unknown issuers.

- - - - -


1 changed file:

- security/certverifier/CertVerifier.cpp


Changes:

=====================================
security/certverifier/CertVerifier.cpp
=====================================
@@ -865,12 +865,15 @@ Result CertVerifier::VerifySSLServerCert(
       // find other certificates with the same subject but different keys, and
       // the certificate is self-signed.
       if (StringEndsWith(hostname, ".onion"_ns)) {
-        // Self signed cert over onion is deemed secure, the hidden service
-        // provides authentication. We defer returning this error and keep
-        // processing to determine if there are other legitimate certificate
-        // errors (such as expired, wrong domain) that we would like to surface
-        // to the user
-        errOnionWithSelfSignedCert = true;
+        // Self signed cert over onion is deemed secure in some cases, as the
+        // onion service provides encryption.
+        // Firefox treats some errors as self-signed certificates and it allows
+        // to override them. For Onion services, we prefer being stricter, and
+        // we return the original errors.
+        // Moreover, we need also to determine if there are other legitimate
+        // certificate errors (such as expired, wrong domain) that we would like
+        // to surface to the user.
+        errOnionWithSelfSignedCert = rv == Result::ERROR_UNKNOWN_ISSUER;
       } else {
         return Result::ERROR_SELF_SIGNED_CERT;
       }



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8b47d80163d8316f8c0b45af5e663e6c994c153

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8b47d80163d8316f8c0b45af5e663e6c994c153
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20231213/e0ef8eef/attachment-0001.htm>

More information about the tor-commits mailing list