[tbb-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 18 18:14:24 UTC 2018
#26456: HTTP .onion sites inherit previous page's certificate information
--------------------------------------------+------------------------------
Reporter: pospeselr | Owner: pospeselr
Type: defect | Status:
| needs_revision
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, TorBrowserTeam201807 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+------------------------------
Comment (by pospeselr):
So (in the original code)the updateStatus flag does 2 things:
- first, it's used to determine whether mSSLStatus needs to be updated
with the new cert info if the incoming info (nsISupports) is an
nsISSLStatus
- second, it's passed on down to UpdateSecurityState where it is OR'd with
other flags to determine whether a notification needs to go out that
security info has changed.
If the 'STATE_IS_SECURE' flag is set, than the mSSLStatus is cleared out
later on in UpdateSecurityState. The changes in the patch force the
mSSLStatus to get null'd out early since the later check will fail because
onion domains get the 'STATE_IS_SECURE' flag, even without SSL info.
The patch makes it so HTTP onion pages clear out the mSSLStatus based on
whether 'info' is an nsISSLStatusProvider. For vanilla HTTP pages,
mSSLStatus is now cleared out twice: once based on 'info' (as with HTTP
onion pages) and once again when the security flags change to
'lis_no_security'.
That all said, I'll run this (and the previous patch) through the firefox
try server and verify we haven't broken anything.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list