#25345 closed defect (fixed)

Adapt broker to use ACME HTTP-01 challenge for automatic certificates

Reported by: dcf Owned by: dcf
Priority: Medium Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords:
Cc: dcf, arlolra Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

See #24928 for the equivalent ticket for meek. The TLS-SNI-01 challenge that we were using doesn't work anymore. Because of this, the standalone broker has been broken since 2018-01-18 :/

Child Tickets

Attachments (1)

0001-Use-Manager.HTTPHandler-for-automatic-TLS-support.patch (1.9 KB) - added by dcf 17 months ago.

Download all attachments as: .zip

Change History (4)

comment:1 Changed 17 months ago by dcf

Status: assignedneeds_review

Here is a simple patch for review. I just now started it running on https://snowflake-broker.bamsoftware.com/ and it seems to be working (just issued a fresh certificate).

This is the client torrc I tested with:

UseBridges 1
ClientTransportPlugin snowflake exec ./client -url https://snowflake-broker.bamsoftware.com/ -ice stun:stun.l.google.com:19302
Bridge snowflake 0.0.3.0:1
Last edited 17 months ago by dcf (previous) (diff)

comment:2 Changed 17 months ago by arlolra

Status: needs_reviewmerge_ready

Patch lgtm.

comment:3 Changed 17 months ago by dcf

Resolution: fixed
Status: merge_readyclosed

Thanks for the review, merged in fcc274ac68.

Note: See TracTickets for help on using tickets.