#13410: Disable self-signed certificate warnings when visiting .onion sites --------------------------------------------+------------------------------ Reporter: tom | Owner: pospeselr Type: defect | Status: needs_review Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ux-team, TorBrowserTeam202002R | Actual Points: Parent ID: #30025 | Points: Reviewer: | Sponsor: | Sponsor27-must --------------------------------------------+------------------------------ Changes (by pospeselr):
* keywords: ux-team => ux-team, TorBrowserTeam202002R * status: assigned => needs_review Comment: A surprisingly small patch seems to work for the scenarios we care about, and does nothing to the existing vanilla HTTPS website handling. Scenarios tested: || Scenario Name || Result || || HTTP Onion || Onion Icon || || HTTPS Onion Self-Signed || Onion Icon || || HTTPS Onion Unknown CA || Onion Icon || || HTTPS Onion EV || Onion Icon + EV Name || || HTTPS Onion Wrong Domain || Onion Warning Icon, Warning Splash Screen || || HTTPS Onion Expired Self-Signed Cert || Onion Warning Icon, Warning Splash Screen || || HTTP(S) Onion + HTTP Script || Onion Slash Icon || || HTTP(S) Onion + HTTP Content || Onion Warning Icon || || HTTP(S) Onion + HTTPS Content || Onion Icon || || HTTPS Onion + HTTP Form || Onion Ion + Warning Popup on Form Submit || HTTP Onion + HTTP Form does not give the warning popup and is tracked to be fixed in #33298 tor-browser: https://gitweb.torproject.org/user/richard/tor- browser.git/commit/?h=bug_13410_v1 -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:33> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs