Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#2480 closed task (fixed)

Check if intermediate cert store is cleared

Reported by: mikeperry Owned by: mikeperry
Priority: Very High Milestone:
Component: Applications/Torbutton Version:
Severity: Keywords: TorbuttonIteration20110320 MikePerryIteration20110320
Cc: Actual Points: 2
Parent ID: Points: 2
Reviewer: Sponsor:

Description

We need to ensure that the cache of intermediate certificates is not shared across Tor states. It should be cleared by our ssl hacks, and/or nsICrypto::logout(). We should verify this.

Child Tickets

Change History (8)

comment:1 Changed 9 years ago by mikeperry

Points: 2

Test itself: 2

comment:2 Changed 9 years ago by mikeperry

Parent ID: #2482

comment:3 Changed 9 years ago by mikeperry

Keywords: TorbuttonIteration20110320 MikePerryIteration20110320 added

comment:4 Changed 9 years ago by mikeperry

Cc: ioerror added

https://blog.torproject.org now has a nice intermediate CA to test this with. It came from rapidssl. I'm sure it's totally secure. "Hacker Proof."

comment:5 Changed 9 years ago by mikeperry

Cc: ioerror removed

comment:6 Changed 9 years ago by mikeperry

Actual Points: 2
Resolution: fixed
Status: newclosed

Bleh. According to certutil, this store (which lives in cert8.db) is not being cleared by nsIDOMCrypto::logout()... Looks like we have to clear this manually.

comment:7 Changed 9 years ago by mikeperry

Parent ID: #2482

comment:8 Changed 9 years ago by mikeperry

Summary: Ensure intermediate cert store is properly clearedCheck if intermediate cert store is cleared
Note: See TracTickets for help on using tickets.