[tor-bugs] #22466 [Core Tor/Tor]: "Crosscert is expired" warnings: RSA->Ed25519 identity crosscertifice apparently made in 1970?

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 1 14:37:56 UTC 2017


#22466: "Crosscert is expired" warnings: RSA->Ed25519 identity crosscertifice
apparently made in 1970?
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.1.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  030-backport tor-relay certificate   |  Actual Points:
  expired 1970                                   |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 The other reason that time(NULL) could return 0 (or -1, or a small
 integer) is if tor starts on a machine which thinks the time is 1970. This
 can happen when the clock battery fails. If the machine then updates its
 time using ntp or similar, tor could bootstrap, but would have an old
 certificate.

 This seems like another possible cluster of bugs: or do we renew
 everything else when it expires? Or do we do other long-term things once
 at startup, and expect them to be right forever?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22466#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list