[tor-bugs] #9713 [EFF-HTTPS Everywhere]: HTTPS Everywhere 4.0development.11 causes google.com OCSP meltdown (was: Users report HTTPS Everywhere 0.development.11 in some sort of clients1.google.com loop?)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 12 16:04:58 UTC 2013


#9713: HTTPS Everywhere 4.0development.11 causes google.com OCSP meltdown
--------------------------------------+----------------------
     Reporter:  erinn                 |      Owner:  micahlee
         Type:  defect                |     Status:  assigned
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by pde):

 I was able to reproduce this, and [https://gitweb.torproject.org/https-everywhere.git/commitdiff/7f6a3e0087b7e16f0470798d44a97d8c09d2e9ce this fixes it]
 (I also did [https://gitweb.torproject.org/https-everywhere.git/commitdiff/7f6a3e0087b7e16f0470798d44a97d8c09d2e9ce this]
 which isn't necessary but maybe I'll leave there because I'm paranoid).

 This bug seems to be a combination of the fact that we rewrote an OCSP
 request and the resulting HTTPS url required an OCSP request ''to the same
 server''.  Probably Firefox is launching an infinite number of distinct
 OCSP requests.  Mike, lmk if you think of a way to use nsIContentPolicy to
 ensure that we never touch OCSP!

 The trigger: it seems as though MB
 [https://gitweb.torproject.org/https-everywhere.git/commitdiff/0094080148f8cac22b7d7e42f7382a8ca5f8fc3c added]
 a whole-domain rewrite for clients[12].google.com to the Google Services
 ruleset; it was merged and shipped in 4.0development.11.  As Cypherpunks
 noted above, that's causing the problem and is separate from the
 search-specific rewrites we've had on clients[0-9].google.com
 [https://gitweb.torproject.org/https-everywhere.git/blob/3.0:/src/chrome/content/rules/GoogleSearch.xml#l98 for a long time].

 This only affects our development branch users, but it is REEEEALLY
 nasty.  We need a development release as soon as humanly possible!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9713#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
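
The loop described in the comment above, modelled as an added example (not code from HTTPS Everywhere or from the ticket): it follows host, OCSP responder URL and rewritten URL until a host repeats, and lints a ruleset for rules that touch OCSP responders. The rule regex, the responder map and all function names are constructed for illustration.

```javascript
// Constructed sample data. The rule is modelled on the whole-domain rewrite for
// clients[12].google.com described in the ticket; it is not copied from the ruleset.
const sampleRules = [
  { name: "Google Services (whole-domain)",
    from: /^http:\/\/clients([12])\.google\.com\//,
    to: "https://clients$1.google.com/" },
];

// Assumption: TLS host -> plain-HTTP OCSP responder URL named in that host's certificate.
const sampleResponders = {
  "clients1.google.com": "http://clients1.google.com/ocsp",
  "www.example.org": "http://ocsp.example-ca.test/",
};

// Apply the first matching rule, as a URL rewriter would.
function rewrite(url, rules) {
  for (const rule of rules) {
    if (rule.from.test(url)) return url.replace(rule.from, rule.to);
  }
  return url;
}

// Follow host -> OCSP URL -> rewritten URL -> host. A repeated host means every
// handshake needs an OCSP answer that itself needs a handshake with that host.
function findOcspLoop(host, rules, responders) {
  const chain = [];
  let current = host;
  while (Object.prototype.hasOwnProperty.call(responders, current)) {
    if (chain.includes(current)) return chain.concat(current);
    chain.push(current);
    const rewritten = rewrite(responders[current], rules);
    if (!rewritten.startsWith("https://")) return null; // OCSP stays on HTTP
    current = new URL(rewritten).hostname;
  }
  return null;
}

// Ruleset lint: names of rules that would rewrite any known OCSP responder URL.
function rulesTouchingOcsp(rules, responders) {
  const urls = Object.values(responders);
  return rules.filter((r) => urls.some((u) => r.from.test(u))).map((r) => r.name);
}

console.log(findOcspLoop("clients1.google.com", sampleRules, sampleResponders));
console.log(rulesTouchingOcsp(sampleRules, sampleResponders));
```

Run against a real ruleset, the lint would need the responder URLs taken from the certificates of the hosts the rules target.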

