tor2web / Tor2web

Tor2web is HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0

Make subdomains work with HTTPS #300

Closed virgil closed 8 years ago

virgil commented 8 years ago

Example problem URL: https://daily.muflax65ngodyewp.onion.to/

Unfortunately, wildcard certificates only go one-level down, i.e., *.onion.to, but not to *.*.onion.to.

I see two solutions:

  1. Every time we detect a subdomain, automatically apply for a Let's Encrypt Certificate to that subdomain.
  2. We do some subdomain rewriting. Particularly,

    daily_muflax65ngodyewp.onion.to <-> daily.muflax65ngodyewp.onion.to

Comments appreciated @evilaliv3 @0x0ddba11 .

virgil commented 8 years ago

Right now I'm leaning towards just leaving this as a wontfix.

virgil commented 8 years ago

And now I'm leaning towards the underscore rewrite. Presumably underscores are less common than .onion subdomains. So it's a net win.

virgil commented 8 years ago

At onion.link we are pushing forward with rewriting . -> _ to make subdomains for HTTPS work. It's going to break sites that use a literal _, and that's just a sacrifice we are willing to make. If official tor2web wants to do the same we'll share the patch.

NSkelsey commented 8 years ago

@virgil if you open a pull (or share the code) I can bug @evilaliv3 enough to accept the merge.
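
The underscore rewrite discussed in this thread, as an added example that is not from the thread and is not Tor2web or onion.link code: it shows why a `*.onion.to` wildcard certificate fails for a two-level name, how the `.` <-> `_` mapping brings the name back under the wildcard, and where a literal underscore breaks. `BASE` and all function names are assumptions made for the illustration.

```python
# Added illustration; not Tor2web or onion.link code.
BASE = "onion.to"          # assumed gateway domain, taken from the example URL
SUFFIX = "." + BASE


def wildcard_matches(pattern: str, host: str) -> bool:
    """Certificate-style match: '*' stands for exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # '*' never spans a dot, so label counts must agree
    return p[0] in ("*", h[0]) and p[1:] == h[1:]


def _labels_under_base(host: str) -> list:
    """Return the labels left of BASE, rejecting names outside it."""
    host = host.lower().rstrip(".")
    if not host.endswith(SUFFIX):
        raise ValueError("host is not under " + BASE)
    labels = host[: -len(SUFFIX)].split(".")
    if not all(labels):
        raise ValueError("empty label")
    return labels


def to_public(host: str) -> str:
    """daily.<onion>.onion.to -> daily_<onion>.onion.to (one label, fits wildcard)."""
    labels = _labels_under_base(host)
    if any("_" in label for label in labels):
        # A literal '_' would be indistinguishable from a rewritten '.'.
        raise ValueError("literal underscore cannot be represented")
    return "_".join(labels) + SUFFIX


def to_onion(public_host: str) -> str:
    """daily_<onion>.onion.to -> daily.<onion>.onion (the name to reach over Tor)."""
    labels = _labels_under_base(public_host)
    if len(labels) != 1:
        raise ValueError("expected a single label under " + BASE)
    # Every '_' is treated as a rewritten '.', which is what breaks
    # onion sites whose subdomain really contains an underscore.
    return labels[0].replace("_", ".") + ".onion"
```

Because `to_onion` cannot tell a rewritten dot from a literal underscore, a gateway using this mapping misroutes names such as `my_site_<onion>.onion.to`, which is the breakage accepted in the thread.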