[tor-bugs] #21420 [Core Tor/Tor]: Link certificate start date in the future

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 15 16:05:02 UTC 2017


#21420: Link certificate start date in the future
--------------------------+------------------------------------
 Reporter:  mmcloughlin   |          Owner:  nickm
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  029-backport  |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by dgoulet):

 * status:  needs_review => needs_revision


Comment:

 This comment, I can't understand the why nor the what (starting at the
 "instead"):

 {{{
   /* Our certificate lifetime will be cert_lifetime no matter what, but if we
    * start cert_lifetime in the past, we'll have 0 real lifetime.  instead we
    * start up to (cert_lifetime - min_real_lifetime - start_granularity) in
    * the past. */
 }}}

 I do understand that we absolutely want "cert_lifetime" but then the
 explanation for how we do that is confusing to me. We "start up to" what
 exactly? And what is this "in the past"? Trying to understand: we use the
 lifetime value we want minus some values which are the minimum real
 lifetime (basically the minimum allowed for lifetime of a cert?) and then
 a "granularity" that I don't know why we use that. I see this comment
 `Lastly, be sure to start on a day boundary.` but no why.

 And then the code is kind of the same thing but intuitively is the reverse :).

 {{{
   time_t earliest_start_time = now - cert_lifetime + min_real_lifetime + start_granularity;
 }}}

 The math isn't that difficult but is easily confusing, especially with a
 lifetime concept, so I would really love to see a unit test testing the
 boundaries. And this whole snippet of code could even be extracted in a
 separate function for clarity, documentation and easier testing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21420#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
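
The arithmetic quoted in the comment above, worked through at its boundaries as an added example (not Tor's code and not part of the original message). The function names and the one-day value for `min_real_lifetime` are assumptions; the one-day `start_granularity` follows the "start on a day boundary" remark.

```c
#include <stdint.h>
#include <stdio.h>

#define MIN_REAL_LIFETIME (24 * 3600) /* value assumed for this example */
#define START_GRANULARITY (24 * 3600) /* "start on a day boundary" */

/* The expression quoted in the comment, as a function of its inputs. */
int64_t earliest_start_time(int64_t now, int64_t cert_lifetime)
{
  return now - cert_lifetime + MIN_REAL_LIFETIME + START_GRANULARITY;
}

/* Round a candidate start time down to a START_GRANULARITY boundary. */
int64_t round_to_boundary(int64_t t)
{
  return t - t % START_GRANULARITY;
}

/* Seconds of validity left at `now` when the earliest allowed start is
 * picked and then rounded down: the worst case for real lifetime.
 * Rounding can move the start back by up to START_GRANULARITY - 1 seconds,
 * which is why the granularity is added back in earliest_start_time(). */
int64_t worst_case_remaining(int64_t now, int64_t cert_lifetime)
{
  int64_t start = round_to_boundary(earliest_start_time(now, cert_lifetime));
  return start + cert_lifetime - now;
}

/* 1 if [earliest_start_time, now] is non-empty, so a start time at or
 * before `now` can be chosen; 0 if the formula lands after `now`. */
int start_window_nonempty(int64_t now, int64_t cert_lifetime)
{
  return earliest_start_time(now, cert_lifetime) <= now;
}

int main(void)
{
  const int64_t now = 1487174702;          /* constructed sample timestamp */
  const int64_t five_days = 5 * 24 * 3600; /* constructed sample lifetime */
  printf("worst-case remaining: %lld s\n",
         (long long)worst_case_remaining(now, five_days));
  printf("window non-empty for a 1 h lifetime: %d\n",
         start_window_nonempty(now, 3600));
  return 0;
}
```

With these values the remaining lifetime never drops below `MIN_REAL_LIFETIME + 1` seconds, and a lifetime shorter than `MIN_REAL_LIFETIME + START_GRANULARITY` puts the computed earliest start after `now`, a case the caller has to handle separately.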