[tor-bugs] #25804 [Obfuscation/Snowflake]: Domain fronting to App Engine stopped working
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 1 07:20:52 UTC 2018
#25804: Domain fronting to App Engine stopped working
-----------------------------------+------------------------
Reporter: dcf | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: moat | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------
Comment (by dcf):
Replying to [comment:7 yawning]:
> Replying to [comment:6 dcf]:
> > Here is a cheesy proof of concept. It's not suitable because it
disable certificate verification (`InsecureSkipVerify`). What's needed is
another parameter to verify the certificate ''as if'' we had accessed
www.google.com (or other specific domain).
>
> https://golang.org/pkg/crypto/tls/#Config (VerifyPeerCertificate)
> https://golang.org/pkg/crypto/x509/#Certificate.Verify
I posted some prototype code in comment:11:ticket:12208. I would
appreciate some review on it. It handles our use case of doing a TLS
handshake without SNI, but still verifying the certificate.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25804#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list