(Testers Wanted!) Beta Binaries of Firefox Positive TLS Support

https://www.namecoin.org/dot-bit/
Post Reply
biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

(Testers Wanted!) Beta Binaries of Firefox Positive TLS Support

Post by biolizard89 »

I've posted unofficial binaries of the Namecoin positive TLS override functionality that I previously wrote about at https://www.namecoin.org/2018/02/20/ncd ... refox.html .

Here are the download links:

GNU+Linux 64-bit: https://share.riseup.net/#j50muMClEiCG9N20_G_KOg
GNU+Linux 32-bit: https://share.riseup.net/#K9XaDMnI6y80rHQjBu7MxQ
Windows 64-bit: https://share.riseup.net/#NWv1dKowYHKAETjxvTIuXw
Windows 32-bit: https://share.riseup.net/#JaaWFsAahmVsNQQ0S56vGw

And of course, since you shouldn't trust that Riseup isn't evil/compromised, be sure to check the downloads against the OpenPGP signature and SHA256 hashes below.

Code: Select all

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# ncdns master 2018 03 25 3792dd3e959bf7048b0d02dccc76f6b67b3660fd with PR61 2018 02 11 2e50c752328db1650e9047b4c0064d0c07e2baaa and PR60 2018 02 11 dba4ce70086250b860d9fa76c5d458e8f36729f4

d11e0eda4125bd70f03dab466753a058f937b0dc57d0c1a03e0e004667f354b0  ncdumpzone-HEAD-linux_386.tar.gz
a0f828f2a7cdd683dc3a1aa44dbc33f3c39bc28b291f807c89f067325471e3b3  ncdumpzone-HEAD-linux_amd64.tar.gz
7a2546ecee336c836e6d7b9b26aa8a3cc2f36b29e264031e2e4eb73011e34ce5  ncdumpzone-HEAD-windows_386.tar.gz
0bff478fc772b7d2bef71ad5753e2b38657948fe78088d30d076fd448f490749  ncdumpzone-HEAD-windows_amd64.tar.gz
-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEVB3fdzAraEcoBtkSs/LRZXhtZXAFAlq3VPEUHGplcmVteUBu
YW1lY29pbi5vcmcACgkQs/LRZXhtZXCUwQ/9GfPM/SR9VQWsLwRM9zzZVGIaHoE6
yrBlaX6NU0widS4pGiPKxVoivCR8T+QfMDBUQjOihO9smd2MzyKIx3yPGkDsIL7I
eY7LGs2bGtZalZ7Y8iL5ru2qd7vba3HvT/V6VpdHtUtCZ34RTOYLNxAeB+WAErrj
kpD2divT7F/+9VwxyywZISEl4lpbe858QQHFs7zd2FE9eCvc/0a2l3FAgR4hkzu7
nCnQBUGSFHhImsHjw++py7ZKDPIUmtqBeSbV6e9lpMw3piT+0dE/AssIHjcYnaQ8
yVJmN/vH24xYugwIngLKYFFxs2lzUSzE4P6G/+0X3x7VxjVs0pgMzWiLnuj81MYb
Yh4hOss58SmkrjMgVZY8wiCs4GXk6yrH47unXowniKdf45bXYxkXwgJYBGOdQZMa
j0C9Rb91M8WuA09pJb90d/D+WIgmRfJeL4MPQhV1qC1XZRCXElGF4n1GuINR7u2F
3DHzBfywiYun/Ds0x77hpURl4nzDCMiboDYUaKFWkRtUJ6jGsTdLeuy16NkTwuyp
sWy7eTgNg69+sTi3XOrQk0iTqwSPQqKvzuH9e75/+ZxmIZoQvfRCstx0I8wcps2Q
pJWP7okSaF84ZvzJ+bAJM59tHn/0RM6cc6USwZd8/MhOSt3l3u5SwpvjEC9/e5nz
P3zfxSZAy5VOXmM=
=u5sP
-----END PGP SIGNATURE-----
You can also build from source yourself if you prefer. You want the latest master branch of ncdns, with PR61 and PR60 merged into it.

Usage instructions:

1. ./ncdumpzone --format=firefox-override --rpcuser=user --rpcpass=pass > firefox.txt # Substitute your Namecoin Core RPC credentials for "user" and "pass".
2. Wait for ncdumpzone to finish running; it should take about a minute.
3. Exit Firefox if it's running.
4. Append the contents of firefox.txt to the file named cert_override.txt in your Firefox profile folder. (If the file doesn't already exist, you can create an empty text file there.)
5. Start Firefox again.
6. Visit in Firefox a .bit website that supports TLS, e.g. https://nf.bit/ . (Obviously you need to have .bit DNS resolution enabled on your system, but you do *not* need any TLS-related features of ncdns enabled.)
7. The website should load in Firefox without errors.
8. If a .bit website changes its TLS certificate and you want that site to work again, redo the above instructions (but remove the .bit lines from cert_override.txt before you append the new data to it).

Note that this *only* provides positive certificate overrides. That means that it won't protect you from malicious certificates that are signed by a CA that Firefox trusts (that would require negative certificate overrides). As such, I don't recommend using this for daily/non-testing usage.

Please post test reports in this thread.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply