View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005514 | GNUnet | GNS | public | 2019-01-25 18:47 | 2019-02-28 11:17 |
Reporter | schanzen | Assigned To | schanzen | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.11.0 | Fixed in Version | 0.11.0 | ||
Summary | 0005514: GNS Proxy errors if TLS but port != 443 | ||||
Description | If you access webpage over GNS, e.g. https://www.test:8443 with port != 443 and the peer validation is done via TLSA/DANE it will fail. I think this is because in gnunet-gns-proxy.c:3297ff the proxy assumes that if port != 443, then its HTTP. Not sure how to fix that. I stumbled across this when I tried to write a test for it. As it stands we either have to run a server on port 443 (as root) for the test, or skit this test. | ||||
Tags | No tags attached. | ||||
|
I guess we could go for TLS if: * port is 443, *or* * TLSA record is present for that port (!) that would seem to help in this case, and should be pretty safe, right? |
|
Fixed in 7f666b4467ae5f530e904675df3f28886f4202fa which also adds a rough test. Now if only we had a proper CI. |
Date Modified | Username | Field | Change |
---|---|---|---|
2019-01-25 18:47 | schanzen | New Issue | |
2019-01-25 18:47 | schanzen | Status | new => assigned |
2019-01-25 18:47 | schanzen | Assigned To | => Christian Grothoff |
2019-01-25 19:26 | Christian Grothoff | Note Added: 0013464 | |
2019-01-25 19:26 | Christian Grothoff | Assigned To | Christian Grothoff => schanzen |
2019-01-25 19:26 | Christian Grothoff | Product Version | => Git master |
2019-01-25 19:26 | Christian Grothoff | Target Version | => 0.11.0 |
2019-01-25 20:54 | schanzen | Note Added: 0013465 | |
2019-01-25 20:54 | schanzen | Status | assigned => resolved |
2019-01-25 20:54 | schanzen | Resolution | open => fixed |
2019-02-20 12:24 | Christian Grothoff | Fixed in Version | => 0.11.0 |
2019-02-28 11:17 | Christian Grothoff | Status | resolved => closed |