[tor-bugs] #19994 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Forwards URLs with dedicated port number which causes breakage
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 26 07:23:09 UTC 2016
#19994: Forwards URLs with dedicated port number which causes breakage
-------------------------------------------------------+------------------
Reporter: hanno | Owner: jsha
Type: defect | Status: new
Priority: Medium | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------------+------------------
I recently stumbled upon someone linking his pgp key to an url at
pgp.mit.edu like this one:
http://pgp.mit.edu:11371/
Now HTTPS Everywhere has pgp.mit.edu listed as an https url, therefore it
tries to forward it. However there is no reasonable way to forward such an
URL, as it has a dedicated port number. HTTPS everywhere tries to forward
it to this:
https://pgp.mit.edu:11371/
This obviously does not work, as it is now trying to connect via TLS on
the same port that an HTTP server is running.
In this case it would work to forward to the "normal" https port, aka:
https://pgp.mit.edu/
But this is merely a very special situation, because it seems for
pgp.mit.edu the same service is running on the normal 80/443 http/https
ports.
I think the general solution should be to never forward URLs that have a
specific port set.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19994>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list