[guardian-dev] critical fixes to OnionKit's StrongTrustManager

Hans-Christoph Steiner hans at guardianproject.info
Tue Mar 12 15:13:29 EDT 2013


I definitely think we should be setting up generic automated tests like this.
 It should be possible then to automate android app tests on jenkins to run
against this.  That would be easiest to do via JUnit tests, but I suppose it
might be possible in a normal Android GUI app.

Would that be something to setup on debeater?

.hc

On 03/12/2013 03:06 PM, Abel Luck wrote:
> I think this is what we're looking for:
> 
> https://github.com/iSECPartners/tlspretense
> 
> Tom linked it to me in IRC, so credit to him for knowing about it,
> 
> The TL;DR is:
> 
> tlspretense creates a good CA, generates a bunch of certs to be
> validated. Each cert corresponds to a specific test case. It sets up a
> server and listens for client connections. For each connection it
> presents a cert, and logs whether the client completes the TLS handshake
> or not.
> 
> We could set this up on a server and run OnionKit against it. Would take
> 2-3 hours I bet.
> 
> ~abel
> 
> 
> Nathan of Guardian:
>> On 03/12/2013 02:19 PM, Nathan of Guardian wrote:
>>> If you want to see the fixes implemented so far, you can review the code
>>> here:
>>> https://github.com/guardianproject/OnionKit/pull/5
>>
>> Also, I am looking fun malicious certs/chains to run through test cases
>> for this code, or pointers on a quick way to generate a comprehensive
>> set of bad certs.
>>
>> Is there a repository somewhere of bad certs? Perhaps from malicious Tor
>> exit nodes?
>>
>> +n
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>>
>> You are subscribed as: abel at guardianproject.info
>>
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info
> 


More information about the Guardian-dev mailing list