Opened 3 years ago

Last modified 17 months ago

#14269 new defect

Imported certificate doesn't works at all

Reported by: tbb403bugreport Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version: Tor: 0.2.7
Severity: Normal Keywords: TBB, certificate
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor Browser 4.0.3 (but I suspect the problem is more general)

With default settings it is impossible to import CA certificate to the tor browser. In order to import a certificate, I unchecked "Don't record browsing history..." option in "security preferences" of the tor button.

But, the imported certificate will not work and not appear in the certificates list if I check the aforementioned option again. I.e., I need to uncheck the option each time I want to connect to the web site using the imported certificate, then check it back.

Child Tickets

Attachments (1)

TICKET-14269-hacked-team-email-1349.png (80.9 KB) - added by isis 2 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 3 years ago by meamy

comment:2 Changed 2 years ago by isis

I would tentatively argue that this behaviour is a feature, not a bug.

From #hackedteam email 1349:

https://trac.torproject.org/projects/tor/raw-attachment/ticket/14269/TICKET-14269-hacked-team-email-1349.png

Last edited 2 years ago by isis (previous) (diff)

Changed 2 years ago by isis

comment:3 in reply to:  2 Changed 2 years ago by cypherpunks

Replying to isis:

I would tentatively argue that this behaviour is a feature, not a bug.

I disagree. While attackers like HT (or Lenovo...) can and do install malicious certs, average users also legitimately need to install their own sometimes and breaking this functionality don't do much but slow down the kind of attackers who are in a position to do this.

Also in the case of that email, they were actually trying to install certs to *use* tor (to access the HT portal), not to attack tor (according to https://firstlook.org/theintercept/2015/07/16/hackingteam-attacked-tor-browser/ - i haven't read all the related emails).

I, for one, would very much like to install the CAcert cert in my tor browser! I haven't tried with 4.5 yet but I've been unable to install certs the last times I've tried (probably circa tbb 4.0).

comment:4 Changed 17 months ago by cypherpunks

Severity: Normal
Version: Tor: 0.2.5.10Tor: 0.2.7

TBB 6.5a1

Imported certificate works only when "don't record browsing history" is

unchecked

... true, but I can't set "Use cert for website/mail/software" checkbox thus HTTPS website still warn me.

checked

I can't import certificate AT ALL.

Please fix this bug. The user who trying to import cert such as CAcert or self-sign cert
are know what he/she doing.

comment:5 Changed 17 months ago by cypherpunks

Summary: Imported certificate works only when "don't record browsing history" is uncheckedImported certificate doesn't works at all
Note: See TracTickets for help on using tickets.