[guardian-dev] critical fixes to OnionKit's StrongTrustManager

Abel Luck abel at guardianproject.info
Thu May 2 11:53:23 EDT 2013 

Update on this:

Lee got me a shell on a box we can use for these types of dev tests.
Will be setting up tlspretense and working on an OnionKit test suite.

~abel

Abel Luck:
> I think this is what we're looking for:
> 
> https://github.com/iSECPartners/tlspretense
> 
> Tom linked it to me in IRC, so credit to him for knowing about it,
> 
> The TL;DR is:
> 
> tlspretense creates a good CA, generates a bunch of certs to be
> validated. Each cert corresponds to a specific test case. It sets up a
> server and listens for client connections. For each connection it
> presents a cert, and logs whether the client completes the TLS handshake
> or not.
> 
> We could set this up on a server and run OnionKit against it. Would take
> 2-3 hours I bet.
> 
> ~abel
> 
> 
> Nathan of Guardian:
>> On 03/12/2013 02:19 PM, Nathan of Guardian wrote:
>>> If you want to see the fixes implemented so far, you can review the code
>>> here:
>>> https://github.com/guardianproject/OnionKit/pull/5
>>
>> Also, I am looking fun malicious certs/chains to run through test cases
>> for this code, or pointers on a quick way to generate a comprehensive
>> set of bad certs.
>>
>> Is there a repository somewhere of bad certs? Perhaps from malicious Tor
>> exit nodes?
>>
>> +n
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>>
>> You are subscribed as: abel at guardianproject.info
>>
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
> 
> You are subscribed as: abel at guardianproject.info
>

More information about the Guardian-dev mailing list