Do something about TLS certificates for I2P sites #18

Open
opened 2025-04-21 14:31:06 -04:00 by idk · 4 comments
Owner

Likely solution has something to do with implementing a policies.json: https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson

idk self-assigned this 2025-04-21 14:31:06 -04:00
Author
Owner

Talking with an I2P+ (HTTPS on localhost by default) user on Matrix:

It should be blocking every localhost except for the router console, which it will shunt into a container tab which includes an exception for it. This won't work until the second time you run it but I may be nearing a solution to that issue
Because I pretty much have to implement a policies.json file for us
(to use with Firefox)
Which I think will actually fully load the extension on the first run
Related: anybody in here who has something to contribute to the discussion of standing up an I2P Certificate Authority?
http://zzz.i2p/topics/3303-webtorrent-on-i2p 
https://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/16 

Do something about TLS certificates for I2P sites (#16) · Issues · I2P Developers / i2p.firefox - GitLab
Likely solution has something to do with implementing a policies.json: https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson
cantzzzzzz239
idk
It should be blocking every localhost except for the router console, which it will shunt into a container tab which includes an exception for it. This won't work until the second time you run it but I may be nearing a solution to that issue
restart with -i2pbrowser option ?
idk
Yes, you should see extensions in the toolbar
OR
And maybe this is better...
go to localhost:7695 in any other browser and click the button
Wait no, that doesn't start if you're not either running it as a plugin or passing it without a -*browser arg
Never mind
cantzzzzzz239
5-04 22-20-08.png
got that after the third restart
idk
I'm just wondering why I am completely unable to reproduce this...
Your window looks like my window in every way except that mine is working
We should end up with identical configurations, that's the whole point, this makes no sense
Does I2P+ use HTTPS on localhost by default?
OMFG that's got to be it
Crap I really wish I'd spotted that sooner
That's been broken for a while, and I never saw it because I don't use I2P+
I went to great lengths to be compatible with i2pd but just assumed I2P+ would work because it's based on regular I2P
cantzzzzzz239
idk
Does I2P+ use HTTPS on localhost by default?
I am not so sure about that, I paste the link with https and it didn't work
I will try with the official router to be sure
idk
It probably won't, I'm not sure of the rules that will be applied in Tor Browser
I'll have to override them somehow
I need to copy this conversation down and add it to the gitlab issue. There's going to be some subtlety here.
You OK with that?
cantzzzzzz239
sure
idk
OK. I'm going to need to remind myself of what's going on here. If it's the HTTPS certificate then what will happen is that the console needs to be opened only in the console controller profile, which will be configured to accept the TLS certificate with the policies.json file

Related (extension) issue: https://i2pgit.org/idk/I2P-in-Private-Browsing-Mode-Firefox/-/issues/35

Author
Owner
CA Side - https://security.stackexchange.com/questions/31376/can-i-restrict-a-certification-authority-to-signing-certain-domains-only
Author
Owner
Relevant to the extension-side implementation:
- https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/getSecurityInfo

Where the discussion got started:
- http://zzz.i2p/topics/3303-webtorrent-on-i2p
Author
Owner
- https://github.com/mozilla/policy-templates/blob/master/README.md
- https://stackoverflow.com/questions/60375325/ubuntu18-firefox-add-trust-to-a-exsisting-certificate
- https://stackoverflow.com/questions/68413438/adding-certificates-using-policies-json-from-an-online-source

Elephant in the room is that we need to control the Firefox install directory to do this properly
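
A sketch of the `policies.json` step discussed in this issue, added here as an example and not taken from the i2p.firefox code base: it merges a certificate into the `Certificates.Install` policy without clobbering policies already present, and writes to the `distribution` directory inside the Firefox install directory, which is why control of that directory matters. The function name, file names and the placeholder PEM are assumptions made for illustration.

```python
import json
import ssl
import tempfile
from pathlib import Path

# Constructed placeholder bytes in PEM framing, NOT a real certificate.
PLACEHOLDER_PEM = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)


def install_cert_policy(firefox_dir: Path, cert_path: Path) -> dict:
    """Add cert_path to Certificates.Install in
    <firefox_dir>/distribution/policies.json, keeping existing policies."""
    # Reject files that are not PEM-framed before touching the policy file.
    ssl.PEM_cert_to_DER_cert(cert_path.read_text())  # raises ValueError

    policy_file = firefox_dir / "distribution" / "policies.json"
    doc = {"policies": {}}
    if policy_file.exists():
        doc = json.loads(policy_file.read_text())

    certs = doc.setdefault("policies", {}).setdefault("Certificates", {})
    installed = certs.setdefault("Install", [])
    entry = str(cert_path.resolve())
    if entry not in installed:  # idempotent across repeated launches
        installed.append(entry)

    # The policy file applies to the whole Firefox install, not to a single
    # profile or container, so write access to this directory is required.
    policy_file.parent.mkdir(parents=True, exist_ok=True)
    policy_file.write_text(json.dumps(doc, indent=2) + "\n")
    return doc


def demo() -> dict:
    """Run against a throwaway directory standing in for the install dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cert = root / "console.pem"  # hypothetical router console cert
        cert.write_text(PLACEHOLDER_PEM)
        firefox = root / "firefox"
        dist = firefox / "distribution"
        dist.mkdir(parents=True)
        # A pre-existing policy that must survive the merge.
        (dist / "policies.json").write_text(
            json.dumps({"policies": {"DisableTelemetry": True}})
        )
        install_cert_policy(firefox, cert)
        return install_cert_policy(firefox, cert)  # second run: no duplicate
```

Because the resulting policy covers every profile launched from that install, the CA-side question raised earlier in this issue (restricting what a CA may sign for) still applies to whatever certificate is listed here.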
Reference: I2P_Developers/i2p.firefox#18