tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0

Certificate chain fails if ssl_cert == ssl_intermediate file #285

Closed evilaliv3 closed 8 years ago

evilaliv3 commented 8 years ago

This condition may happen since we added the diversification of ssl_cert and ssl_intermediate; in fact, very old configurations were using a single file, ssl_cert = tor2web-intermediate.pem, so that now the following may happen:

the user configures:

ssl_cert = tor2web-intermediate.pem

tor2web also enforces:

ssl_intermediate = tor2web-intermediate.pem

This leads to loading the same file twice with no error on tor2web file, but then errors in the browser validation of the chain.

Credit for this issue goes to @DrWhax, who helped me debug the issue.

evilaliv3 commented 8 years ago

To fix this issue I'm going to simply detect the condition and load the file once in the right way, in order to allow the backport of old configurations.

In addition to this, other tickets already track a proper validation of the certificate chain, to be implemented for testing all during the startup of tor2web.
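An added example, not Tor2web's own code, of the condition described in this issue: it detects that ssl_cert and ssl_intermediate point to the same file, loads it once, and drops any certificate that would otherwise appear twice in the chain. The function names (`pem_certs`, `build_chain`, `fake_pem`, `demo`) are hypothetical, it uses only the Python 3 standard library, and the certificate bodies are constructed placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib
import os
import re
import tempfile

PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def pem_certs(path):
    """Return the decoded bytes of every CERTIFICATE block in a PEM file, in order."""
    with open(path, "r") as fh:
        text = fh.read()
    return [base64.b64decode("".join(m.split())) for m in PEM_CERT_RE.findall(text)]

def build_chain(ssl_cert, ssl_intermediate):
    """Return (chain, warnings); every certificate is present at most once."""
    warnings = []
    sources = [ssl_cert]
    if os.path.samefile(ssl_cert, ssl_intermediate):
        # The old single-file configuration: read the bundle only once.
        warnings.append("ssl_cert and ssl_intermediate are the same file; loading it once")
    else:
        sources.append(ssl_intermediate)
    chain, seen = [], set()
    for path in sources:
        for der in pem_certs(path):
            digest = hashlib.sha256(der).hexdigest()
            if digest in seen:
                # Same certificate reachable through both settings.
                warnings.append("duplicate certificate %s in %s skipped" % (digest[:12], path))
                continue
            seen.add(digest)
            chain.append(der)
    return chain, warnings

def fake_pem(label):
    # Constructed placeholder bytes wrapped in PEM framing, not a real certificate.
    body = base64.encodebytes(label * 40).decode()
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % body

def demo():
    """Old-style configuration: one bundle file referenced by both settings."""
    with tempfile.TemporaryDirectory() as d:
        bundle = os.path.join(d, "tor2web-intermediate.pem")
        with open(bundle, "w") as fh:
            fh.write(fake_pem(b"LEAF") + fake_pem(b"INTERMEDIATE"))
        return build_chain(bundle, bundle)
```

The duplicate check works on the PEM blocks' content, so it also catches two differently named files that carry the same certificate.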