0005514: GNS Proxy errors if TLS but port != 443

ID	Project	Category	View Status	Date Submitted	Last Update

0005514	GNUnet	GNS	public	2019-01-25 18:47	2019-02-28 11:17

Reporter	schanzen	Assigned To	schanzen
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	Git master
Target Version	0.11.0	Fixed in Version	0.11.0

Summary	0005514: GNS Proxy errors if TLS but port != 443
Description	If you access webpage over GNS, e.g. https://www.test:8443 with port != 443 and the peer validation is done via TLSA/DANE it will fail. I think this is because in gnunet-gns-proxy.c:3297ff the proxy assumes that if port != 443, then its HTTP. Not sure how to fix that. I stumbled across this when I tried to write a test for it. As it stands we either have to run a server on port 443 (as root) for the test, or skit this test.
Tags	No tags attached.

Christian Grothoff 2019-01-25 19:26 manager ~0013464	I guess we could go for TLS if: * port is 443, or * TLSA record is present for that port (!) that would seem to help in this case, and should be pretty safe, right?

schanzen 2019-01-25 20:54 administrator ~0013465	Fixed in 7f666b4467ae5f530e904675df3f28886f4202fa which also adds a rough test. Now if only we had a proper CI.

Date Modified	Username	Field	Change
2019-01-25 18:47	schanzen	New Issue
2019-01-25 18:47	schanzen	Status	new => assigned
2019-01-25 18:47	schanzen	Assigned To	=> Christian Grothoff
2019-01-25 19:26	Christian Grothoff	Note Added: 0013464
2019-01-25 19:26	Christian Grothoff	Assigned To	Christian Grothoff => schanzen
2019-01-25 19:26	Christian Grothoff	Product Version	=> Git master
2019-01-25 19:26	Christian Grothoff	Target Version	=> 0.11.0
2019-01-25 20:54	schanzen	Note Added: 0013465
2019-01-25 20:54	schanzen	Status	assigned => resolved
2019-01-25 20:54	schanzen	Resolution	open => fixed
2019-02-20 12:24	Christian Grothoff	Fixed in Version	=> 0.11.0
2019-02-28 11:17	Christian Grothoff	Status	resolved => closed