View Issue Details

IDProjectCategoryView StatusLast Update
0005514GNUnetGNSpublic2019-02-28 11:17
Reporterschanzen Assigned Toschanzen  
Status closedResolutionfixed 
Product VersionGit master 
Target Version0.11.0Fixed in Version0.11.0 
Summary0005514: GNS Proxy errors if TLS but port != 443
DescriptionIf you access webpage over GNS, e.g. https://www.test:8443 with port != 443 and the peer validation is done via TLSA/DANE it will fail.

I think this is because in gnunet-gns-proxy.c:3297ff the proxy assumes that if port != 443, then its HTTP.
Not sure how to fix that.
I stumbled across this when I tried to write a test for it. As it stands we either have to run a server on port 443 (as root) for the test, or skit this test.
TagsNo tags attached.


Christian Grothoff

2019-01-25 19:26

manager   ~0013464

I guess we could go for TLS if:

* port is 443, *or*
* TLSA record is present for that port (!)

that would seem to help in this case, and should be pretty safe, right?


2019-01-25 20:54

administrator   ~0013465

Fixed in 7f666b4467ae5f530e904675df3f28886f4202fa which also adds a rough test. Now if only we had a proper CI.

Issue History

Date Modified Username Field Change
2019-01-25 18:47 schanzen New Issue
2019-01-25 18:47 schanzen Status new => assigned
2019-01-25 18:47 schanzen Assigned To => Christian Grothoff
2019-01-25 19:26 Christian Grothoff Note Added: 0013464
2019-01-25 19:26 Christian Grothoff Assigned To Christian Grothoff => schanzen
2019-01-25 19:26 Christian Grothoff Product Version => Git master
2019-01-25 19:26 Christian Grothoff Target Version => 0.11.0
2019-01-25 20:54 schanzen Note Added: 0013465
2019-01-25 20:54 schanzen Status assigned => resolved
2019-01-25 20:54 schanzen Resolution open => fixed
2019-02-20 12:24 Christian Grothoff Fixed in Version => 0.11.0
2019-02-28 11:17 Christian Grothoff Status resolved => closed