[tor-bugs] #16421 [Ooni]: Have ooniprobe download the TLS certificate chain

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 22 23:14:46 UTC 2015


#16421: Have ooniprobe download the TLS certificate chain
-----------------------------+---------------------
     Reporter:  dcf          |      Owner:  hellais
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Ooni         |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+---------------------

Comment (by dcf):

 An ooni-dev thread where I asked about it:
   https://lists.torproject.org/pipermail/ooni-dev/2015-June/000290.html
 The [https://github.com/TheTorProject/ooni-probe/blob/4fe2884b80fb91934e517f1a126fe75020f229f9/ooni/nettests/experimental/tls_handshake.py
 experimental/tls_handshake.py] nettest adds a bunch of instrumentation to
 the TLS handshake but it seems not to be run by default. I only found a
 handful of reports from 2013 using it.

 Arturo [https://lists.torproject.org/pipermail/ooni-dev/2015-June/000291.html
 points to] [https://github.com/hellais/sslpin sslpin] as an example of
 certificate pinning.

 meejah [https://lists.torproject.org/pipermail/ooni-dev/2015-June/000296.html
 points to]
 [https://github.com/meejah/carml/blob/0ed2d3e43f327e4a88e7843c702cc798381da6d9/carml/command/downloadbundle.py#L59
 manual certificate verification in carml], which builds a subclass of
 [https://twistedmatrix.com/documents/current/api/twisted.internet.ssl.ClientContextFactory.html
 twisted.internet.ssl.ClientContextFactory], which seems to get a
 certificate chain in its `__init__` method.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16421#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

