Automatic time sync before connecting to Tor in automatic mode
Closes #18717 (closed), #18830 (closed)
-
rewrite curl client so that it accepts certificates valid in the future, as per Mitigate attack by active network adversary on ... (#18830 - closed) -
compile the Go client, aka https-get-expired
-
integrate https-get-expired
inconfig/chroot_local-includes/usr/local/sbin/htpdate
-
-
avoid races between Tor Connection and tails-get-network-time
(done, please review)-
make sure there is a timeout to tails-get-network-time
-
check that even if it fails, the connection to Tor must be attempted - review the new UI. In particular:
- there is no indication to the user that "syncing our clock" failed
- progress bar doesn't account for "syncing our clock"
-
-
test again in Bullseye
Note for the reviewers:
-
double-check, in debug.log, [check_tor_leaks]
: they should match what you expect -
grep for Warning: these queries were allowed but not needed:
. This should never happen. - to allow for easy testing, I use
httpbin.org
in the test suite. Do we think this is a problem? I don't think so, because:- even if this is some form of lock-in, that application is free software, apparently well-packaged, so we could even run our own instance.
- in terms of reliability... let's see how it fares!
Edited by intrigeri