[tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 31 13:41:16 UTC 2017


#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 Here is one case, which looks legitimate and normal (I assume the person
 changed their key but kept the same IP:port):
 {{{
 May 31 09:31:46.987 [info] channel_tls_process_versions_cell(): Negotiated
 version 4 with 203.59.211.197:9001; Sending cells: CERTS
 May 31 09:31:46.987 [info] connection_or_client_learned_peer_id(): learned
 peer id for 0x7fdacfc47df0 (203.59.211.197):
 0D3A46F079C9A8FF1F8506E6EFE4859B093086C6, <null>
 May 31 09:31:46.987 [info] connection_or_client_learned_peer_id(): Tried
 connecting to router at 203.59.211.197:9001, but RSA identity key was not
 as expected: wanted 31DAC214419D790CA6E200FC7937C9F836D67B24 + no ed25519
 key but got 0D3A46F079C9A8FF1F8506E6EFE4859B093086C6 + no ed25519 key.
 May 31 09:31:46.987 [info] channel_tls_process_certs_cell(): Received a
 bad CERTS cell from 203.59.211.197:9001: Problem setting or checking peer
 id
 May 31 09:31:46.987 [info] conn_close_if_marked(): Conn (addr
 "203.59.211.197", fd 3903, type OR, state 7) marked, but wants to flush
 1327 bytes. (Marked at src/or/connection_or.c:1319)
 May 31 09:31:46.987 [info] conn_close_if_marked(): We stalled too much
 while trying to write 1327 bytes to address "203.59.211.197".  If this
 happens a lot, either something is wrong with your network connection, or
 something is wrong with theirs. (fd 3903, type OR, state 7, marked at
 src/or/connection_or.c:1319).
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list