GeetaSarvadnya
commented
3 days ago Please check the certificate for Win x64, Win x86 and Win arm64
Open GeetaSarvadnya opened 3 days ago
GeetaSarvadnya
commented
3 days ago Please check the certificate for Win x64, Win x86 and Win arm64
GeetaSarvadnya
commented
3 days ago Verification PASSED on
Brave | 1.67.123 Chromium: 126.0.6478.126 (Official Build) (64-bit)
-- | --
Revision | fc7619ef621fe4e6a0fa8b16c718f78ffc97a861
OS | Windows 10 Version 22H2 (Build 19045.4529)Launched 1.67.123 Chromium: 126.0.6478.126 using --use-dev-goupdater-url and confirmed the following versions:
tor binary 0.4.8.10Brave Tor Client Updater (Windows) -Version: 1.0.75OpenSSL - 3.0.13Zlib - 1.3.1Libevent - 2.1.12-stable [notice] Tor 0.4.8.10 running on Windows 8 [or later] with Libevent 2.1.12-stable, OpenSSL 3.0.13, Zlib 1.3.1, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
Jul 01 12:28:01.000 [notice] Bootstrapped 0% (starting): Starting
Jul 01 12:28:01.000 [notice] Starting with guard context "default"
Jul 01 12:28:01.000 [notice] New control connection opened from 127.0.0.1.
Jul 01 12:28:01.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Jul 01 12:28:01.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Jul 01 12:28:01.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Jul 01 12:28:02.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Jul 01 12:28:02.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Jul 01 12:28:02.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Jul 01 12:28:03.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Jul 01 12:28:05.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Jul 01 12:28:05.000 [notice] Bootstrapped 40% (loading_keys): Loading authority key certs
Jul 01 12:28:06.000 [notice] The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
Jul 01 12:28:06.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Jul 01 12:28:06.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7342, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Jul 01 12:28:08.000 [notice] Bootstrapped 50% (loading_descriptors): Loading relay descriptors
Jul 01 12:28:11.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths.
Jul 01 12:28:15.000 [notice] Bootstrapped 55% (loading_descriptors): Loading relay descriptors
Jul 01 12:28:15.000 [notice] Bootstrapped 61% (loading_descriptors): Loading relay descriptors
Jul 01 12:28:15.000 [notice] Bootstrapped 70% (loading_descriptors): Loading relay descriptors
Jul 01 12:28:15.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Jul 01 12:28:16.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Jul 01 12:28:16.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jul 01 12:28:17.000 [notice] Bootstrapped 100% (done): DoneEnsured that you can open the following domains in a Tor window without issues:
Confirmed the following sites opened via "Open in Tor" button and navigated to .onion URL:
Ensured that the tor binary was correctly signed using signtool.exe:
c:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64>BraveSign.exe verify /pa "c:\Users\Dell\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.75\tor-0.4.8.10-win32-brave-2"
File: c:\Users\Dell\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.75\tor-0.4.8.10-win32-brave-2
Index Algorithm Timestamp
========================================
0 sha256 Authenticode
Successfully verified: c:\Users\Dell\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.75\tor-0.4.8.10-win32-brave-2
c:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64>
Verified the certificate and ensured that the certificate date is shown correctly
GeetaSarvadnya
commented
3 days ago @mherrmann: I don't see Tor logs on the console when I open Tor window on 1.67.123 using brave.exe --enable-logging=stderr --use-dev-goupdater-url. Although, I can open brave.com, DDG and check.torproject.org on TOR window without any issue. But I am getting the following cert error in the console. Also I don't see logs in Tor profile folder, is the log file removed from Tor folder?.
[15328:12584:0628/161404.599:INFO:CONSOLE(2)] "Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: chrome://resources/brave/fonts/third_party/poppins/Poppins_400_normal_latin_v20.woff2", source: chrome://newtab/private_new_tab.bundle.js (2)
[15328:15312:0628/161404.851:ERROR:cert_issuer_source_aia.cc(136)] AiaRequest::OnFetchCompleted got error -105
[15328:13340:0628/161406.464:INFO:tor_file_watcher.cc(183)] tor: failed to open control auth cookie
[15328:13340:0628/161406.537:INFO:tor_file_watcher.cc(183)] tor: failed to open control auth cookie
[15328:13340:0628/161406.537:INFO:tor_file_watcher.cc(183)] tor: failed to open control auth cookie
[15328:13340:0628/161406.541:INFO:tor_file_watcher.cc(183)] tor: failed to open control auth cookie
[15328:13340:0628/161406.541:INFO:tor_file_watcher.cc(183)] tor: failed to open control auth cookie
[15328:12584:0628/161406.654:INFO:CONSOLE(0)] "Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: chrome://resources/brave/fonts/third_party/poppins/Poppins_700_normal_latin_v20.woff2", source: chrome://newtab/ (0)
[15328:12584:0628/161417.582:WARNING:CONSOLE(5)] "crbug/1173575, non-JS module files deprecated.", source: chrome://resources/js/load_time_data_deprecated.js (5)
[15328:12584:0628/161417.760:INFO:CONSOLE(2608)] "Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: chrome://resources/brave/fonts/third_party/poppins/Poppins_400_normal_latin_v20.woff2", source: chrome://newtab/brave_new_tab.bundle.js (2608)
[15328:12584:0628/161417.763:INFO:CONSOLE(2608)] "Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: chrome://resources/brave/fonts/third_party/poppins/Poppins_500_normal_latin_v20.woff2", source: chrome://newtab/brave_new_tab.bundle.js (2608)
[15328:12584:0628/161417.763:INFO:CONSOLE(2608)] "Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: chrome://resources/brave/fonts/third_party/poppins/Poppins_300_normal_latin_v20.woff2", source: chrome://newtab/brave_new_tab.bundle.js (2608)
[15328:12584:0628/161417.763:INFO:CONSOLE(2608)] "Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: chrome://resources/brave/fonts/third_party/poppins/Poppins_600_normal_latin_v20.woff2", source: chrome://newtab/brave_new_tab.bundle.js (2608)
[15328:15312:0628/161454.977:ERROR:cert_issuer_source_aia.cc(136)] AiaRequest::OnFetchCompleted got error -105
[15328:15312:0628/161506.180:ERROR:cert_issuer_source_aia.cc(35)] Error parsing cert retrieved from AIA (as DER):
ERROR: Couldn't read tbsCertificate as SEQUENCE
ERROR: Failed parsing CertificateWhen I check the certificate, it shows the following dates let us know whether it's correct or not
mherrmann
commented
3 days ago Thank you @GeetaSarvadnya. The dates look correct. I'm afraid I don't know about the log files in the Tor profile folder. (I only know very little about Tor.)
Regarding the cert error, does it also appear for you on prod? I tried to reproduce but am not getting it on either prod or dev. Other than that, I am getting the same output as you.
In all cases, I personally am concerned with the functionality and that the binary is signed with the new certificate. From my side, if Tor works functionally, it's OK. But maybe someone with more Tor experience (@fmarier perhaps?) can chime in.
fmarier
commented
3 days ago Follow-up issue for the tor log on Windows: https://github.com/brave/brave-browser/issues/39467
Windows 11 x64Tor Client Updater
--user-data-dir=component-dev --use-dev-goupdater-url(These flags are only available in v1.7.x). Once the crx is pushed to production run without these flags.brave://componentsand verifyTor Client Updater (OS)is updated successfully.New Private Window with Torand confirm that it starts without any errors.check.torproject.organd verify that tor is working successfully.brave.comandhttp://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/to check if the sites work correctly.brave.comandmail.protonmail.comin a regular Window/Tab and ensure that clicking theTorbutton in the URL bar correctly launches a Tor window and opens the appropriate.onionwebsite.Windows
"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" verify /pa "C:\Users\<user>\AppData\Local\BraveSoftware\Brave-Browser-<channel>\User Data\cpoalefficncklhjfpglfiplenlpccdb\<version>\tor-<version-tor>-win-brave-<version-brave>.exe"to verify if the signature of the binary is correct.Windows 10 x64Tor Client Updater
--user-data-dir=component-dev --use-dev-goupdater-url(These flags are only available in v1.7.x). Once the crx is pushed to production run without these flags.brave://componentsand verifyTor Client Updater (OS)is updated successfully.New Private Window with Torand confirm that it starts without any errors.check.torproject.organd verify that tor is working successfully.brave.comandhttp://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/to check if the sites work correctly.brave.comandmail.protonmail.comin a regular Window/Tab and ensure that clicking theTorbutton in the URL bar correctly launches a Tor window and opens the appropriate.onionwebsite.Windows
"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" verify /pa "C:\Users\<user>\AppData\Local\BraveSoftware\Brave-Browser-<channel>\User Data\cpoalefficncklhjfpglfiplenlpccdb\<version>\tor-<version-tor>-win-brave-<version-brave>.exe"to verify if the signature of the binary is correct.Windows 10 x86Tor Client Updater
--user-data-dir=component-dev --use-dev-goupdater-url(These flags are only available in v1.7.x). Once the crx is pushed to production run without these flags.brave://componentsand verifyTor Client Updater (OS)is updated successfully.New Private Window with Torand confirm that it starts without any errors.check.torproject.organd verify that tor is working successfully.brave.comandhttp://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/to check if the sites work correctly.brave.comandmail.protonmail.comin a regular Window/Tab and ensure that clicking theTorbutton in the URL bar correctly launches a Tor window and opens the appropriate.onionwebsite.Windows
"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" verify /pa "C:\Users\<user>\AppData\Local\BraveSoftware\Brave-Browser-<channel>\User Data\cpoalefficncklhjfpglfiplenlpccdb\<version>\tor-<version-tor>-win-brave-<version-brave>.exe"to verify if the signature of the binary is correct.