[tor-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 17 17:05:41 UTC 2018


#26456: HTTP .onion sites inherit previous page's certificate information
--------------------------------------------+------------------------------
 Reporter:  pospeselr                       |          Owner:  pospeselr
     Type:  defect                          |         Status:
                                            |  needs_revision
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201807  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Changes (by gk):

 * keywords:  ff60-esr, TorBrowserTeam201807R => ff60-esr,
     TorBrowserTeam201807
 * status:  needs_review => needs_revision


Comment:

 One nit and one concern/question. The nit:
 {{{
 if(mSSLStatus != nullptr) {
 }}}
 please add a whitespace after `if`.

 So, the current code seems to keep the `mSSLStatus` as-is in case `if
 (sp)` is `false`. I wonder if that is intentional and a use-case we should
 keep in mind (your patch is essentially getting rid of that possibility).
 Is there a way we can reach that scenario? It seems to me the answer is
 "Yes", just by looking at the way the code is written. However, I am not
 sure which transition from load A to load B would match this in reality.
 It worries me that we are missing something here, so it might be worth
 double-checking.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list