(Testers Wanted!) Beta Binaries of Firefox Positive TLS Support
Posted: Sun Mar 25, 2018 8:35 am
I've posted unofficial binaries of the Namecoin positive TLS override functionality that I previously wrote about at https://www.namecoin.org/2018/02/20/ncd ... refox.html .
Here are the download links:
GNU+Linux 64-bit: https://share.riseup.net/#j50muMClEiCG9N20_G_KOg
GNU+Linux 32-bit: https://share.riseup.net/#K9XaDMnI6y80rHQjBu7MxQ
Windows 64-bit: https://share.riseup.net/#NWv1dKowYHKAETjxvTIuXw
Windows 32-bit: https://share.riseup.net/#JaaWFsAahmVsNQQ0S56vGw
And of course, since you shouldn't trust that Riseup isn't evil/compromised, be sure to check the downloads against the OpenPGP signature and SHA256 hashes below.
You can also build from source yourself if you prefer. You want the latest master branch of ncdns, with PR61 and PR60 merged into it.
Usage instructions:
1. ./ncdumpzone --format=firefox-override --rpcuser=user --rpcpass=pass > firefox.txt # Substitute your Namecoin Core RPC credentials for "user" and "pass".
2. Wait for ncdumpzone to finish running; it should take about a minute.
3. Exit Firefox if it's running.
4. Append the contents of firefox.txt to the file named cert_override.txt in your Firefox profile folder. (If the file doesn't already exist, you can create an empty text file there.)
5. Start Firefox again.
6. Visit in Firefox a .bit website that supports TLS, e.g. https://nf.bit/ . (Obviously you need to have .bit DNS resolution enabled on your system, but you do *not* need any TLS-related features of ncdns enabled.)
7. The website should load in Firefox without errors.
8. If a .bit website changes its TLS certificate and you want that site to work again, redo the above instructions (but remove the .bit lines from cert_override.txt before you append the new data to it).
Note that this *only* provides positive certificate overrides. That means that it won't protect you from malicious certificates that are signed by a CA that Firefox trusts (that would require negative certificate overrides). As such, I don't recommend using this for daily/non-testing usage.
Please post test reports in this thread.
Here are the download links:
GNU+Linux 64-bit: https://share.riseup.net/#j50muMClEiCG9N20_G_KOg
GNU+Linux 32-bit: https://share.riseup.net/#K9XaDMnI6y80rHQjBu7MxQ
Windows 64-bit: https://share.riseup.net/#NWv1dKowYHKAETjxvTIuXw
Windows 32-bit: https://share.riseup.net/#JaaWFsAahmVsNQQ0S56vGw
And of course, since you shouldn't trust that Riseup isn't evil/compromised, be sure to check the downloads against the OpenPGP signature and SHA256 hashes below.
Code: Select all
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
# ncdns master 2018 03 25 3792dd3e959bf7048b0d02dccc76f6b67b3660fd with PR61 2018 02 11 2e50c752328db1650e9047b4c0064d0c07e2baaa and PR60 2018 02 11 dba4ce70086250b860d9fa76c5d458e8f36729f4
d11e0eda4125bd70f03dab466753a058f937b0dc57d0c1a03e0e004667f354b0 ncdumpzone-HEAD-linux_386.tar.gz
a0f828f2a7cdd683dc3a1aa44dbc33f3c39bc28b291f807c89f067325471e3b3 ncdumpzone-HEAD-linux_amd64.tar.gz
7a2546ecee336c836e6d7b9b26aa8a3cc2f36b29e264031e2e4eb73011e34ce5 ncdumpzone-HEAD-windows_386.tar.gz
0bff478fc772b7d2bef71ad5753e2b38657948fe78088d30d076fd448f490749 ncdumpzone-HEAD-windows_amd64.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEVB3fdzAraEcoBtkSs/LRZXhtZXAFAlq3VPEUHGplcmVteUBu
YW1lY29pbi5vcmcACgkQs/LRZXhtZXCUwQ/9GfPM/SR9VQWsLwRM9zzZVGIaHoE6
yrBlaX6NU0widS4pGiPKxVoivCR8T+QfMDBUQjOihO9smd2MzyKIx3yPGkDsIL7I
eY7LGs2bGtZalZ7Y8iL5ru2qd7vba3HvT/V6VpdHtUtCZ34RTOYLNxAeB+WAErrj
kpD2divT7F/+9VwxyywZISEl4lpbe858QQHFs7zd2FE9eCvc/0a2l3FAgR4hkzu7
nCnQBUGSFHhImsHjw++py7ZKDPIUmtqBeSbV6e9lpMw3piT+0dE/AssIHjcYnaQ8
yVJmN/vH24xYugwIngLKYFFxs2lzUSzE4P6G/+0X3x7VxjVs0pgMzWiLnuj81MYb
Yh4hOss58SmkrjMgVZY8wiCs4GXk6yrH47unXowniKdf45bXYxkXwgJYBGOdQZMa
j0C9Rb91M8WuA09pJb90d/D+WIgmRfJeL4MPQhV1qC1XZRCXElGF4n1GuINR7u2F
3DHzBfywiYun/Ds0x77hpURl4nzDCMiboDYUaKFWkRtUJ6jGsTdLeuy16NkTwuyp
sWy7eTgNg69+sTi3XOrQk0iTqwSPQqKvzuH9e75/+ZxmIZoQvfRCstx0I8wcps2Q
pJWP7okSaF84ZvzJ+bAJM59tHn/0RM6cc6USwZd8/MhOSt3l3u5SwpvjEC9/e5nz
P3zfxSZAy5VOXmM=
=u5sP
-----END PGP SIGNATURE-----
Usage instructions:
1. ./ncdumpzone --format=firefox-override --rpcuser=user --rpcpass=pass > firefox.txt # Substitute your Namecoin Core RPC credentials for "user" and "pass".
2. Wait for ncdumpzone to finish running; it should take about a minute.
3. Exit Firefox if it's running.
4. Append the contents of firefox.txt to the file named cert_override.txt in your Firefox profile folder. (If the file doesn't already exist, you can create an empty text file there.)
5. Start Firefox again.
6. Visit in Firefox a .bit website that supports TLS, e.g. https://nf.bit/ . (Obviously you need to have .bit DNS resolution enabled on your system, but you do *not* need any TLS-related features of ncdns enabled.)
7. The website should load in Firefox without errors.
8. If a .bit website changes its TLS certificate and you want that site to work again, redo the above instructions (but remove the .bit lines from cert_override.txt before you append the new data to it).
Note that this *only* provides positive certificate overrides. That means that it won't protect you from malicious certificates that are signed by a CA that Firefox trusts (that would require negative certificate overrides). As such, I don't recommend using this for daily/non-testing usage.
Please post test reports in this thread.