[tor-bugs] #9167 [Flashproxy]: Find a more stable key pinning scheme for www.google.com
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 11 22:34:04 UTC 2013
#9167: Find a more stable key pinning scheme for www.google.com
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by dcf):
* status: new => needs_review
Comment:
Please take a look at these two patches.
The first refactors the connection to directly use OpenSSL functions
through M2Crypto. Python's `ssl.wrap_socket` doesn't provide enough
access: we can `getpeercert` but as far as I can tell there's no way to
get the certificate chain.
The second patch iterates over the certificate chain and looks for a
match. It also uses a sha1sum copied directly from the Chromium source
code.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9167#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list