Open Bug 1618382 Opened 5 years ago Updated 3 years ago

Tor Browser: Disable self-signed certificate warnings when visiting .onion sites

Categories: Core :: Security: PSM, enhancement, P5
68 Branch
enhancement

People: Reporter: morgan, Unassigned

Details: Whiteboard: [tor][psm-waiting]

Background: https://trac.torproject.org/projects/tor/ticket/13410

We want to disable/remove certain SSL warnings when a user visits onion services using HTTPS with self-signed certs and certs signed by an unknown certificate authority. I've looked into it for the past week or so, and have settled on this small patch:

https://gitweb.torproject.org/user/richard/tor-browser.git/commit/?h=bug_13410_v1

We seem to get the desired behaviour (no warnings on self-signed, or unknown CA signed HTTPS onion sites; yes warnings for other errors such as mismatched domain name, expired cert; vanilla HTTPS websites behaviour unaffected) but as this is not my area of expertise I'd like to get a code review from someone more familiar with the intricacies of SSL to have a look (tjr suggested dkeeler).

Thanks!

Flags: needinfo?(dkeeler)

I assume you're aware of https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/text/draft-muffett-same-origin-onion-certificates.txt?
In any case, what we told Alec was the best way to do this would be to implement a separate TrustDomain that would perform those checks and potentially a separate CertVerifier that would replace the default one when the Tor Browser is compiled/configured to use it.

Flags: needinfo?(dkeeler)
Component: Networking → Security: PSM
See Also: → 1250696
Whiteboard: [tor]
Priority: -- → P5
Whiteboard: [tor] → [tor][psm-waiting]

This would be a security vulnerability since the current warnings provide a way to trust-on-first-use which is certificate pinning.

The patch needs to have trust-on-first-use certificate pinning similar to the current functionality added.

Severity: normal → S3
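The behaviour the reporter describes (tolerate self-signed or unknown-CA certificates only for .onion hosts, still warn on expired or name-mismatched ones, leave ordinary HTTPS unchanged), combined with the trust-on-first-use pinning the last comment asks for, sketched as an added Python example; this is not code from the Tor Browser patch or from Firefox's PSM, and the hostnames, error labels and certificate bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass, field

# Verification error classes named in the bug discussion (constructed labels).
SELF_SIGNED = "self_signed"
UNKNOWN_ISSUER = "unknown_issuer"
NAME_MISMATCH = "name_mismatch"
EXPIRED = "expired"

# Only issuer-trust errors are tolerated for onion services; everything else still warns.
ONION_TOLERATED = {SELF_SIGNED, UNKNOWN_ISSUER}


def is_onion(host: str) -> bool:
    """True for any hostname under the .onion special-use TLD (case- and trailing-dot-insensitive)."""
    return host.lower().rstrip(".").endswith(".onion")


@dataclass
class OnionPinStore:
    """Trust-on-first-use store: remembers the first leaf certificate seen per .onion host."""
    pins: dict = field(default_factory=dict)

    def check(self, host: str, leaf_der: bytes) -> str:
        """Pin on first contact; afterwards report whether the presented leaf matches the pin."""
        fp = hashlib.sha256(leaf_der).hexdigest()
        seen = self.pins.get(host)
        if seen is None:
            self.pins[host] = fp
            return "pinned"
        return "match" if seen == fp else "changed"


def should_warn(host: str, errors: set, leaf_der: bytes, store: OnionPinStore) -> bool:
    """Return True if the browser should show a certificate interstitial for this connection."""
    if not errors:
        return False                  # clean chain, nothing to do
    if not is_onion(host):
        return True                   # vanilla HTTPS behaviour unaffected
    if errors - ONION_TOLERATED:
        return True                   # expired, name mismatch, etc. still warn on onion sites
    # Self-signed / unknown CA on an onion host: silent only while the pinned leaf stays stable,
    # so a swapped certificate on a later visit surfaces as a warning instead of passing unnoticed.
    return store.check(host, leaf_der) == "changed"


if __name__ == "__main__":
    store = OnionPinStore()
    print(should_warn("example.onion", {SELF_SIGNED}, b"constructed-leaf-A", store))  # False (pinned)
    print(should_warn("example.onion", {SELF_SIGNED}, b"constructed-leaf-B", store))  # True (changed)
```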