Opened 4 years ago

Closed 3 years ago

#10550 closed defect (user disappeared)

Stackexchange: Unable to login with OpenID

Reported by: bastik Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

HTTPS-E 3.4.5 (Firefox, I can't pick the version of HTTPS-E in "version") ships with a ruleset for Stackexchange, which appears to make it impossible to lock in with Stackexchange as OpenID provider into tor.stackexchange (probably not exclusive).

I get the following message:

Unable to log in with your OpenID provider:
The openid.return_to parameter (http://tor.stackexchange.com/users/authenticate/?s=07cba8ea-00a3-452c-afe9-c9cd9cdf0fcd&dnoa.userSuppliedIdentifier=https%3A%2F%2Fopenid.stackexchange.com%2Fuser%2Fde3605ff-5114-405c-8586-7da2e86aee49) does not match the actual URL (https://tor.stackexchange.com/users/authenticate/?s=07cba8ea-00a3-452c-afe9-c9cd9cdf0fcd&dnoa.userSuppliedIdentifier=https%3A%2F%2Fopenid.stackexchange.com%2Fuser%2Fde3605ff-5114-405c-8586-7da2e86aee49&openid.claimed_id=https%3A%2F%2Fopenid.stackexchange.com%2Fuser%2Fde3605ff-5114-405c-8586-7da2e86aee49&openid.identity=https%3A%2F%2Fopenid.stackexchange.com%2Fuser%2Fde3605ff-5114-405c-8586-7da2e86aee49&openid.sig=uUaY0f582F%2Fl2lMOvJIXknNt4jnx32V1TGYOvoU1R9s%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2&openid.assoc_handle=1Ltb%21IAAAAD8uVCcj4mk1jQ1KN8GqP6L3xHscKnUDlPYVu3EEfzhEQQAAAAEWJI_xASt4X3UwqAVC41PsXEcSE7G9ckp4d-NB8Ib2sQCWPIK7eSvidd_Hwn8m6az7LiO4L_u1ZZGObLOiKV5V&openid.op_endpoint=https%3A%2F%2Fopenid.stackexchange.com%2Fopenid%2Fprovider&openid.return_to=http%3A%2F%2Ftor.stackexchange.com%2Fusers%2Fauthenticate%2F%3Fs%3D07cba8ea-00a3-452c-afe9-c9cd9cdf0fcd%26dnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.stackexchange.com%252Fuser%252Fde3605ff-5114-405c-8586-7da2e86aee49&openid.response_nonce=2014-01-04T08%3A46%3A44ZnweqDPDq&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.alias3.value.alias1=[redacted email-address]&openid.alias3.type.alias2=http%3A%2F%2Faxschema.org%2FnamePerson&openid.alias3.value.alias2=[redacted name]) the request was made with.

This is bad, you know?

Child Tickets

Change History (4)

comment:1 Changed 4 years ago by cfr

Is this related to the other problems which seemed to result from the update to 3.4.5? I reported those originally as https://trac.torproject.org/projects/tor/ticket/10576 because I had not experienced the login issue myself at that point. Now I realise I'm bitten by this too and am unclear whether these are really one bug or two?

comment:2 Changed 4 years ago by bastik

The default was:

  • Stack Exchange (partial) enabled
  • Stack Exchange (mixed content) disabled

and I can reproduce the problem with the untrusted domain, because the domain isn't covered by the certificate. https://meta.tor.stackexchange.com/ gives me the warning that the connection would not be trustworthy (ssl_error_bad_cert_domain).

This is indeed related to the ruleset, but these should happen without HTTPS-Everywhere when you try to use HTTPS on those sites. For me it does, when I disable the rule for Stack Exchange and try to load "https://meta.tor.stackexchange.com/" it fails with the same error, so this is to be expected.

comment:4 Changed 3 years ago by bm

Keywords: httpse-ruleset-bug added
Resolution: user disappeared
Status: newclosed
Note: See TracTickets for help on using tickets.