[tor-bugs] #8957 [EFF-HTTPS Everywhere]: The SSL Observatory client should listen for and submit invalid certs

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 24 17:26:30 UTC 2013


#8957: The SSL Observatory client should listen for and submit invalid certs
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde
     Type:  enhancement           |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------

Comment(by pde):

 <keeler> I should mention we're trying to deprecate nsIBadCertListener2 -
 you should be able to do what it does by opening a connection and
 receiving events on its channel
 <keeler> I've done a similar thing in test_ocsp_stapling.js in
 https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=700693&attachment=747679
 <pde> keeler: by "opening a connection" to you mean making a ghost https
 request for every https domain the browser connects to?
 <pde> s/to/do
 <pde> ?
 <keeler> oh, no - that would be a bit of a bummer. I just meant for an
 individual request
 <keeler> I guess nsIBadCertListener2 is the only way to do it wholesale
 <pde> keeler: is there a bug we can watch for the future of
 nsIBadCertListener2?
 <keeler> pde: hmmm - maybe I was wrong about that. We removed some
 unnecessary implementations of it in bug 750421, but I don't think there's
 a bug on removing the interface entirely yet
 <firebot> Bug https://bugzilla.mozilla.org/show_bug.cgi?id=750421 enh, --,
 mozilla22, bsmith, RESO FIXED, Remove unnecessary nsIBadCertListener2 and
 nsISSLErrorListener implementations
 <bsmith> keeler pde: which interface?
 <keeler> nsIBadCertListener2
 <bsmith> keeler pde: it is possible to get the effect of
 nsIBadCertListener2 using other callbacks.
 <keeler> bsmith: for all connections?
 <bsmith> keeler: I think you can use nsIWebProgressListener and similar,
 in all contexts that oyu can use nsIBadCertListener2
 <keeler> oh yeah

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8957#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list