[guardian-dev] critical fixes to OnionKit's StrongTrustManager
Abel Luck
abel at guardianproject.info
Thu May 2 11:53:23 EDT 2013
Update on this:
Lee got me a shell on a box we can use for these types of dev tests.
Will be setting up tlspretense and working on an OnionKit test suite.
~abel
Abel Luck:
> I think this is what we're looking for:
>
> https://github.com/iSECPartners/tlspretense
>
> Tom linked it to me in IRC, so credit to him for knowing about it,
>
> The TL;DR is:
>
> tlspretense creates a good CA, generates a bunch of certs to be
> validated. Each cert corresponds to a specific test case. It sets up a
> server and listens for client connections. For each connection it
> presents a cert, and logs whether the client completes the TLS handshake
> or not.
>
> We could set this up on a server and run OnionKit against it. Would take
> 2-3 hours I bet.
>
> ~abel
>
>
> Nathan of Guardian:
>> On 03/12/2013 02:19 PM, Nathan of Guardian wrote:
>>> If you want to see the fixes implemented so far, you can review the code
>>> here:
>>> https://github.com/guardianproject/OnionKit/pull/5
>>
>> Also, I am looking fun malicious certs/chains to run through test cases
>> for this code, or pointers on a quick way to generate a comprehensive
>> set of bad certs.
>>
>> Is there a repository somewhere of bad certs? Perhaps from malicious Tor
>> exit nodes?
>>
>> +n
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
>> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>>
>> You are subscribed as: abel at guardianproject.info
>>
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>
> You are subscribed as: abel at guardianproject.info
>
More information about the Guardian-dev
mailing list