[tor-bugs] #4370 [Tor Client]: If the CERTS cell contains a cert with a scary time, don't warn unless it's from an authority
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Nov 1 08:40:45 UTC 2011
#4370: If the CERTS cell contains a cert with a scary time, don't warn unless it's
from an authority
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version: Tor: 0.2.3.7-alpha
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
At the bottom of command_process_netinfo_cell() we have some logic, when
we hear a scary time from a netinfo cell, to check:
{{{
if (router_digest_is_trusted_dir(conn->identity_digest))
severity = LOG_WARN;
else
severity = LOG_INFO;
}}}
We should repeat that logic when we get a scary time from a CERTS cell.
Turns out those scary times (off by an hour or more) are reasonably
common.
If you're quick, you can reproduce by running your Tor with "entrynode
0xABCD":
{{{
Nov 01 04:30:45.000 [debug] connection_or_process_cells_from_inbuf(): 14:
starting, inbuf_datalen 1444 (0 pending in tls object).
Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock
set incorrectly?
Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov 1 12:15:08
2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45
2011 GMT.)
Nov 01 04:30:45.000 [info] command_process_cert_cell(): Received a bad
CERT cell from 120.50.40.184:9001: The link certificate was not valid
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4370>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list