[tbb-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 18 18:14:24 UTC 2018

#26456: HTTP .onion sites inherit previous page's certificate information
 Reporter:  pospeselr                       |          Owner:  pospeselr
     Type:  defect                          |         Status:
                                            |  needs_revision
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201807  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:

Comment (by pospeselr):

 So (in the original code)the updateStatus flag does 2 things:
 - first, it's used to determine whether mSSLStatus needs to be updated
 with the new cert info if the incoming info (nsISupports) is an
 - second, it's passed on down to UpdateSecurityState where it is OR'd with
 other flags to determine whether a notification needs to go out that
 security info has changed.

 If the 'STATE_IS_SECURE' flag is set, than the mSSLStatus is cleared out
 later on in UpdateSecurityState.  The changes in the patch force the
 mSSLStatus to get null'd out early since the later check will fail because
 onion domains get the 'STATE_IS_SECURE' flag, even without SSL info.

 The patch makes it so HTTP onion pages clear out the mSSLStatus based on
 whether 'info' is an nsISSLStatusProvider.  For vanilla HTTP pages,
 mSSLStatus is now cleared out twice: once based on 'info' (as with HTTP
 onion pages) and once again when the security flags change to

 That all said, I'll run this (and the previous patch) through the firefox
 try server and verify we haven't broken anything.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list