[tor-bugs] #4549 [Tor Bridge]: Implement user-defined certificate strings through torrc (part of the proposal 179 efforts)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Nov 25 03:19:54 UTC 2011 

#4549: Implement user-defined certificate strings through torrc (part of the
proposal 179 efforts)
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 This is based on the same messed-up master as #4548 was, and is all mixed
 up with #4548 changes.  Next time I'd prefer have something where it's
 easy to tell which actual commits I'm supposed to review.  As near as I
 can tell here, it's supposed to be everything in bug4549 starting with
 fb8b31c3fb26d03.

 Notes on review:

  * wrt the tor_tls_set_custom_cert_strings interface: There is a great
 quote from Alan Perlis: "If you have a procedure with ten parameters, you
 probably missed some."   These arguments probably want to turn into a
 single argument of type tor_cert_cfg_t, to be defined in tortls.h
  * Customizeable start and end time and serial number: these are probably
 a mistake.  Serial number needs to be different for every generated cert
 with the same issuer; start time and end time seem like they're begging
 you to have your Tor not work because you made your own cert expire.
 Instead let's go with certs that expire after a year or something; that
 seems to be the standard lifetime.
  * tor_X509_name_new now has tons of copy-and-paste code.  That's not so
 good; let's use a function or a macro to make it shorter.
  * There's no need to use BN_pseudo_rand to get a random number; just use
 Tor's crypto_rand_int or whatever it's called.
  * The documentation for tor_decorate_cert makes no sense to me.  How does
 stuff "float around" ?  What does it mean to "decorate" a cert?  Which
 certs get decorated?  Why is this a separate function?
  * Looks like the covert-channel-in-the-serialnumber junk is still in here
 too; it'll need to come out.

 Questions/ideas:

  * It looks like you apply the issuer name stuff to be the name of EVERY
 issuer, and the subject name to be subject name on EVERY cert?  That isn't
 right, if so.  This stuff only wants to apply to the initial presented-in-
 cleartext cert, which now wants to be different from the cert chain
 presented after in the v2 or v3 handshake.  The cert chain probably wants
 to stay unchanged.
  * How have you tested this?
  * Maybe we should have the ability to store these and the corresponding
 link keys in the datadir.  If so, that should probably get done along with
 the "load a custom cert from disk" work.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4549#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list