Information
ID: 82
PHID: PHID-TASK-mtmsmzv5ybfui3w5gpie
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal
Description
Since direct SSL certificate pinning for check.torproject.org and torproject.org (curl method)
(T80) would have to wait a long time, until Debian stretch, this ticket is for an alternative approach.
Please make sure you’ve read T80 first.
TODO reserarch:
1.)
openssl s_client
can be used to fetch a website:
Step 1.
openssl s_client -connect check.torproject.org:443
Step 2
GET / HTTP/1.1
host: check.torproject.org
How can step two be automated in a script?
2.)
Can openssl s_client
be used to fetch (similar to wget
, curl
) using direct SSL certificate pinning?
Not to be confused with SSL Certificate Authority (CA) pinning (similar to curl
s --cacert
or --capath
option)!
Similar to curl
s --pinnedpubkey
that was added in version 7.39.0 (changelog).
3.)
Alternatively… Can one pipe curl
(or wget
) through openssl s_client
?
Comments
HulaHoop
2017-05-30 17:06:47 UTC
Patrick
2017-05-30 21:41:05 UTC
HulaHoop
2017-05-31 12:42:02 UTC