[tor-bugs] #3754 [TorBrowserButton]: SafeCache implementation breaks OCSP validation

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Sep 3 00:41:09 UTC 2011


#3754: SafeCache implementation breaks OCSP validation
---------------------------------------------+------------------------------
 Reporter:  gk                               |          Owner:  mikeperry     
     Type:  defect                           |         Status:  new           
 Priority:  major                            |      Milestone:                
Component:  TorBrowserButton                 |        Version:  Torbutton: 1.4
 Keywords:  MikePerryIterationFires20110911  |         Parent:                
   Points:                                   |   Actualpoints:                
---------------------------------------------+------------------------------

Comment(by mikeperry):

 Ok, the string did not solve the issue...

 Monitoring about:cache definitely shows that without safecache, the ocsp
 requests are getting a postID prepended, and it is a very high value (the
 internal use of mPostID increments starting from 0). Perhaps the OCSP
 support is also abusing the cacheKey for internal use? But that still
 doesn't explain why leaving it alone and appending a different string at
 the end of the cache key makes a difference...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3754#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list