[tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Aug 18 07:37:38 UTC 2011
#3754: SafeCache implementation breaks OCSP validation
------------------------------+---------------------------------------------
Reporter: gk | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: TorBrowserButton | Version: Torbutton: 1.4
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
If one configures Firefox to fail hard if there occurs an error while
validating certificates using OCSP the SafeCache implementation leads to
failures that do not exist without it. Steps to reproduce:
1) Configure Firefox properly (check "Use the Online Certificate Status
Protocol (OCSP) to confirm the current validity of certificates"; Use
"Validate all certificates using the following OCSP Server" and take the
first one (in my case: https://rca.e-szigno.hu/ocsp); check "When an OCSP
connection fails, treat the certificate as invalid"
2) Restart Firefox and surf to e.g. https://anonymous-proxy-
servers.net/forum/ if that does not already break the validation then open
in a second tab https://ssl.scoogle.org and it breaks always.
3) Do the same without Torbutton installed and it works fine.
The problematic code is (for whatever reason, I am currently debugging it
as JonDoFox is affected as well):
{{{
if(!this.readCacheKey(channel.cacheKey)) {
this.setCacheKey(channel, channel.URI.host);
} else {
SSC_dump("Existing cache key detected; leaving it unchanged.");
}
}}}
If you comment that code everything works fine in Torbutton again.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3754>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list