[tor-bugs] #30509 [Circumvention/Snowflake]: snowflake-broker certificate fetch failing after update

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 14 20:34:12 UTC 2019 

#30509: snowflake-broker certificate fetch failing after update
-------------------------------------+------------------------
 Reporter:  cohosh                   |          Owner:  (none)
     Type:  defect                   |         Status:  new
 Priority:  Immediate                |      Milestone:
Component:  Circumvention/Snowflake  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+------------------------
Changes (by dcf):

 * cc: dcf (added)


Comment:

 The WebSocket bridge has a certificate cache:
 https://gitweb.torproject.org/pluggable-
 transports/snowflake.git/tree/server/server.go?id=d865b7c252d3a7efd789a84757fc2635b1964921#n309
 The broker doesn't cache certificates, but it should, to avoid this kind
 of problem.

 In the meantime I can get a conventional cert, but we'll have to add
 `--cert` and `--key` options to the broker like meek-server has:
 https://gitweb.torproject.org/pluggable-transports/meek.git/tree/meek-
 server/meek-server.go?h=0.33#n394

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30509#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list