[tor-bugs] #21420 [Core Tor/Tor]: Link certificate start date in the future

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 13 23:52:20 UTC 2017


#21420: Link certificate start date in the future
--------------------------+------------------------------------
 Reporter:  mmcloughlin   |          Owner:  nickm
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  029-backport  |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:5 arma]:
 >
 > Maybe some more comments to explain what we're computing, and *why*,
 > would help?

 Okay, will do.

 > Looking at the origin commit, it seems maybe I wanted to say "- 2 days",
 > not "+ 2 days". Would that resolve everything here?

 I thought about it, but if you had done that, it would be possible to have
 the start time be "now - lifetime - 2 days".  And the end time would be
 "start + lifetime", which would result in an already-expired certificate.

 > Maybe I am deeply confused, but won't
 > {{{
 > +  if (earliest_start_time < now)
 > +    earliest_start_time = now;
 > +  start_time = crypto_rand_time_range(earliest_start_time, now);
 > }}}
 > trigger the assert in crypto_rand_time_range() that min < max, since
 > we'll be passing it "now, now"?
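
 Review bot: the clamp on the first two quoted lines leaves earliest_start_time >= now on every path, so the crypto_rand_time_range(earliest_start_time, now) call on the third line never receives a lower bound below its upper bound, not only in the "now, now" case. Given the min < max assert mentioned in the question above, the call needs a guard: assign start_time directly when the range is empty, and confirm that the comparison in the if runs in the intended direction.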

 ohhh, yeah. Better fix that too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21420#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

