dino / dino

Modern XMPP ("Jabber") Chat Client using GTK+/Vala
https://dino.im/
GNU General Public License v3.0

Allow self-signed .onion file transfer certs (#1149) #1595

Closed matthewrfennell closed 28 minutes ago

matthewrfennell commented 5 days ago

Most Certificate Authorities don't support issuing X.509 certificates for onion sites. However, it can still be useful to provide a certificate over Tor in some circumstances, for instance to tie your alphanumeric Tor address to your site's main identity.

Therefore, many Tor services provide self-signed certificates. This is OK, since the onion service itself guarantees that you are connecting to the entity you think you are.

Dino already allows self-signed certs when communicating over Tor (see 81a5505). However, the same exception does not exist yet for HTTP uploads and downloads - causing these to fail over Tor.

Therefore, in this commit, we add the same exception for uploads/downloads, by passing the host of the upload/download urls to the already existing invalid certificate connection handler.

Note that this handler only allows certificates with type TlsCertificateFlags.UNKNOWN_CA. This means your server's certificate must also include the onion HTTP upload and download URLs - otherwise, the file transfer will fail with TlsCertificateFlags.BAD_IDENTITY.

Closes #1149
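The accept/reject decision the PR describes, modelled in Python as an added example (this is not Dino's code, which is Vala, and it does not touch libsoup or GLib). The bit values of `TlsCertificateFlags` are copied from GLib's `GTlsCertificateFlags`; the function names, the `.onion` host names and the URLs are constructed for illustration. It shows the two points a reviewer would check: the exception applies only to `.onion` hosts, and the error mask must equal `UNKNOWN_CA` exactly, so a certificate that is both self-signed and for the wrong name (`UNKNOWN_CA | BAD_IDENTITY`) is still refused. A deliberately sloppy variant that tests a single bit is included to show what that mistake would let through.

```python
"""Model of the 'self-signed cert is fine, but only for .onion' policy.

Added example, not code from the Dino project. Flag values mirror GLib's
GTlsCertificateFlags; host names and URLs below are constructed.
"""
from enum import IntFlag
from typing import Optional


class TlsCertificateFlags(IntFlag):
    # Same bit values as GLib's GTlsCertificateFlags.
    NO_FLAGS = 0
    UNKNOWN_CA = 1 << 0      # chain does not end at a trusted CA (self-signed)
    BAD_IDENTITY = 1 << 1    # name in the cert does not match the host
    NOT_ACTIVATED = 1 << 2
    EXPIRED = 1 << 3
    REVOKED = 1 << 4
    INSECURE = 1 << 5
    GENERIC_ERROR = 1 << 6


def host_of(url: str) -> Optional[str]:
    """Host part of an upload/download URL: lowercased, no port, no userinfo.

    Returns None for strings that are not absolute URLs, so a bare host
    name is never mistaken for a URL.
    """
    from urllib.parse import urlsplit
    return urlsplit(url).hostname


def is_onion_host(host: Optional[str]) -> bool:
    """True for names under the .onion special-use TLD (RFC 7686)."""
    if host is None:
        return False
    return host.endswith(".onion") and len(host) > len(".onion")


def accept_certificate(host: Optional[str], errors: TlsCertificateFlags) -> bool:
    """Policy from the PR: accept only when the host is an onion service AND
    the *only* validation error is UNKNOWN_CA.

    The libsoup accept-certificate signal is only emitted when validation
    already failed, so `errors` is normally non-zero; a zero mask is still
    treated as valid here so the model is total.
    """
    if errors == TlsCertificateFlags.NO_FLAGS:
        return True
    # Whole-mask comparison: any extra flag (BAD_IDENTITY, EXPIRED, ...) rejects.
    return is_onion_host(host) and errors == TlsCertificateFlags.UNKNOWN_CA


def accept_certificate_sloppy(host: Optional[str], errors: TlsCertificateFlags) -> bool:
    """The mistake to avoid: testing one bit instead of the whole mask.

    A certificate that is self-signed *and* issued for the wrong name carries
    UNKNOWN_CA | BAD_IDENTITY and passes this check, which defeats the
    identity guarantee the PR relies on.
    """
    return is_onion_host(host) and bool(errors & TlsCertificateFlags.UNKNOWN_CA)


def should_accept_transfer(url: str, errors: TlsCertificateFlags) -> bool:
    """Decision for an HTTP upload/download URL, as the PR wires it: pass the
    URL's host to the certificate handler rather than the XMPP server name."""
    return accept_certificate(host_of(url), errors)


def demo() -> dict:
    """Run the policy over constructed cases; returns {case: accepted}."""
    F = TlsCertificateFlags
    onion_upload = "https://upload.exampleonionservice.onion:5281/files/abc"
    clearnet_upload = "https://upload.example.com/files/abc"
    return {
        "onion, self-signed": should_accept_transfer(onion_upload, F.UNKNOWN_CA),
        "onion, self-signed + wrong name": should_accept_transfer(
            onion_upload, F.UNKNOWN_CA | F.BAD_IDENTITY),
        "onion, right CA but wrong name": should_accept_transfer(onion_upload, F.BAD_IDENTITY),
        "onion, expired": should_accept_transfer(onion_upload, F.EXPIRED),
        "clearnet, self-signed": should_accept_transfer(clearnet_upload, F.UNKNOWN_CA),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:35s} -> {'accept' if accepted else 'reject'}")
```

The whole-mask comparison is what makes the PR's note about `BAD_IDENTITY` hold: a server whose certificate omits the upload/download onion names is refused even though the connection is to an onion service, because the identity check, not the CA check, is the one that failed.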

fiaxh commented 19 hours ago

Thanks for your PR!

accept_certificate is only available in Soup.Message since version 3. Please use an ifdef to only compile the code if SOUP_3_0 is set.

fiaxh commented 28 minutes ago

Thanks!