[tor-bugs] #14269 [Tor Browser]: Imported certificate works only when "don't record browsing history" is unchecked

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 16 15:24:09 UTC 2015


#14269: Imported certificate works only when "don't record browsing history" is
unchecked
---------------------------------+------------------------------
     Reporter:  tbb403bugreport  |      Owner:  tbb-team
         Type:  defect           |     Status:  new
     Priority:  major            |  Milestone:
    Component:  Tor Browser      |    Version:  Tor: 0.2.5.10
   Resolution:                   |   Keywords:  TBB, certificate
Actual Points:                   |  Parent ID:
       Points:                   |
---------------------------------+------------------------------

Comment (by cypherpunks):

 Replying to [comment:2 isis]:
 > I would tentatively argue that this behaviour is a feature, not a bug.

 I disagree. While attackers like HT (or Lenovo...) can and do install
 malicious certs, average users also legitimately need to install their own
 sometimes and breaking this functionality don't do much but slow down the
 kind of attackers who are in a position to do this.

 Also in the case of that email, they were actually trying to install certs
 to *use* tor (to access the HT portal), not to attack tor (according to
 https://firstlook.org/theintercept/2015/07/16/hackingteam-attacked-tor-
 browser/ - i haven't read all the related emails).

 I, for one, would very much like to install the CAcert cert in my tor
 browser! I haven't tried with 4.5 yet but I've been unable to install
 certs the last times I've tried (probably circa tbb 4.0).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14269#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list