[guardian-dev] critical fixes to OnionKit's StrongTrustManager

Hans-Christoph Steiner hans at guardianproject.info
Thu May 2 12:04:03 EDT 2013


How about setting that up on our internal Jenkins box?  Then we could have
Jenkins run tests against it each time it builds orbot.

.hc

On 05/02/2013 11:53 AM, Abel Luck wrote:
> Update on this:
> 
> Lee got me a shell on a box we can use for these types of dev tests.
> Will be setting up tlspretense and working on an OnionKit test suite.
> 
> ~abel
> 
> Abel Luck:
>> I think this is what we're looking for:
>>
>> https://github.com/iSECPartners/tlspretense
>>
>> Tom linked it to me in IRC, so credit to him for knowing about it,
>>
>> The TL;DR is:
>>
>> tlspretense creates a good CA, generates a bunch of certs to be
>> validated. Each cert corresponds to a specific test case. It sets up a
>> server and listens for client connections. For each connection it
>> presents a cert, and logs whether the client completes the TLS handshake
>> or not.
>>
>> We could set this up on a server and run OnionKit against it. Would take
>> 2-3 hours I bet.
>>
>> ~abel
>>
>>
>> Nathan of Guardian:
>>> On 03/12/2013 02:19 PM, Nathan of Guardian wrote:
>>>> If you want to see the fixes implemented so far, you can review the code
>>>> here:
>>>> https://github.com/guardianproject/OnionKit/pull/5
>>>
>>> Also, I am looking fun malicious certs/chains to run through test cases
>>> for this code, or pointers on a quick way to generate a comprehensive
>>> set of bad certs.
>>>
>>> Is there a repository somewhere of bad certs? Perhaps from malicious Tor
>>> exit nodes?
>>>
>>> +n
>>> _______________________________________________
>>> Guardian-dev mailing list
>>>
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>
>>> To Unsubscribe
>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>>>
>>> You are subscribed as: abel at guardianproject.info
>>>
>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>>
>> You are subscribed as: abel at guardianproject.info
>>
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info
> 


More information about the Guardian-dev mailing list