Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

• d8b47d80
  by Pier Angelo Vendrame at 2023-12-13T17:34:16+01:00

  fixup! Bug 23247: Communicating security expectations for .onion
  
  Bug 42334: Adapt our self-signed patch to Bug 1611381
  
  Bug 1611381 introduced a few changes to catch more self-signed
  certificates. As a result, we risk of accepting some cases different
  than unknown issuer for .onion certificates, such as bad signature or
  invalid use for a certificate.
  
  It makes sense to still display an error for such cases, and to keep
  accepting only unknown issuers.
  

1 changed file:

• security/certverifier/CertVerifier.cpp

Changes:

       // find other certificates with the same subject but different keys, and

       // the certificate is self-signed.

       if (StringEndsWith(hostname, ".onion"_ns)) {

-        // Self signed cert over onion is deemed secure, the hidden service

-        // provides authentication. We defer returning this error and keep

-        // processing to determine if there are other legitimate certificate

-        // errors (such as expired, wrong domain) that we would like to surface

-        // to the user

-        errOnionWithSelfSignedCert = true;

+        // Self signed cert over onion is deemed secure in some cases, as the

+        // onion service provides encryption.

+        // Firefox treats some errors as self-signed certificates and it allows

+        // to override them. For Onion services, we prefer being stricter, and

+        // we return the original errors.

+        // Moreover, we need also to determine if there are other legitimate

+        // certificate errors (such as expired, wrong domain) that we would like

+        // to surface to the user.

+        errOnionWithSelfSignedCert = rv == Result::ERROR_UNKNOWN_ISSUER;

       } else {

         return Result::ERROR_SELF_SIGNED_CERT;

       }