On 6 July 2012 11:46, <pro...@secure-mail.biz> wrote: > A malicious certificate for torproject.org has been given out at least twice > by broken certificate authorities. (Comodo, DigiNotar, who is next...) > > To prevent that in future, I'd like to pin the SSL certificate's fingerprint. > How can that be done? Running an own local CA or is there an easier way?
In what application? In Chrome, your best bet would be to compile Chromium and add the project cert into their pinned list in the code before doing so. In Firefox, you'd probably be best served by using Convergence or CertPatrol to verify the certificate through external validators or notify you if the certificate changes (respectively). In other applications: IE, wget, curl, etc - there aren't any 'prebuilt' options - you'd have to write some sort of plugin or hook yourself. -tom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk