[tor-bugs] #19809 [Applications/Tor Messenger]: Update verification failed but update still applies on Linux and OS X

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 2 21:09:29 UTC 2016


#19809: Update verification failed but update still applies on Linux and OS X
--------------------------------------------+-----------------
     Reporter:  sukhbir                     |      Owner:
         Type:  defect                      |     Status:  new
     Priority:  Medium                      |  Milestone:
    Component:  Applications/Tor Messenger  |    Version:
     Severity:  Normal                      |   Keywords:
Actual Points:                              |  Parent ID:
       Points:                              |   Reviewer:
      Sponsor:                              |
--------------------------------------------+-----------------
 With all the updater patches applied, I was trying to update Tor
 Messenger. I generated the MAR signing key and signed the MAR file and
 then tried to update. (The build was completed with the associated DER
 file.)

 On Linux and OS X, it complains that the signatures could not be verified
 but still goes on to complete the update.

 On Windows it gives me error code 19, which Bugzilla
 [https://bugzilla.mozilla.org/show_bug.cgi?id=742008#c4 #742008] tells me:
 "That is CERT_VERIFY_ERROR, which suggests that the mars are not signed
 correctly for some reason.".

 This is the log from updating on Linux:

 {{{
 *** AUS:SVC Downloader:onStopRequest - attempting to stage update: Tor
 Messenger 0.1.0b8
 ERROR: Error verifying signature.
 ERROR: Not all signatures were verified.
 *** AUS:SVC readStatusFile - status: applied, path: /tmp/tor-
 messenger/Browser/updates/0/update.status
 *** AUS:SVC UpdateManager:refreshUpdateStatus - Notifying observers that
 the update was staged. state: applied, status: applied
 }}}

 Why is Tor Messenger still updating if the signature could not be
 verified?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19809>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list