[tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 31 19:32:11 UTC 2017 

#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.1.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tor-relay certs handshake ed25519    |  Actual Points:
  needs-analysis 030-backport                    |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 {{{
 May 31 15:20:00.993 [info] channel_tls_process_versions_cell(): Negotiated
 version 4 with 78.52.211.211:443; Sending cells: CERTS
 May 31 15:20:00.993 [info] rsa_ed25519_crosscert_check(): Received a bad
 RSA->Ed25519 crosscert: Crosscert is expired
 May 31 15:20:00.993 [info] or_handshake_certs_ed25519_ok(): Received a bad
 CERTS cell: Invalid RSA->Ed25519 crosscert
 May 31 15:20:00.993 [info] channel_tls_process_certs_cell(): Received a
 bad CERTS cell from 78.52.211.211:443: Invalid certificate chain!
 May 31 15:20:00.993 [info] dump_certs_cell(): certificate 1/5: type 1,
 body
 30820244308201ADA00302010202081259849D5624B00F300D06092A864886F70D01010B050030253123302106035504030C1A7777772E68626D366C63356E33786F7062733462726C2E636F6D301E170D3137303431313030303030305A170D3137313132383030303030305A3020311E301C06035504030C157777772E66767962726B77793570326B772E6E657430820122300D06092A864886F70D01010105000382010F003082010A0282010100D02AEF06951D49654A67C777E56F4E2A0B3249B5D0B560A1AB69A4135C2BEA9160C7E94AFDE033CCA4F7E8C56805D5E25CF3B4D1D4FB2F51EACEECA9A000C4EEAEE52AE3F7FAC61FF50B3B62819339ACACEDD1BEFD352F2D6886AAB68962E99FEC1E2C2DE6CF0204361BF6A6E3F5BC317639A101E762469DB8A73A651B1609EEBAFB5D06158450DF3152455E5551580A9D66BCB758882ADAE9408B6863BAF21ECFA6FD608E5F224468F70B5F9DC340D8F8F45A86476BE6F10FDBC44471B26651297EBEAC01C70E8BB8354C0A334EC48C32474380278690CCDEC71C46684B5775320E945F141ABF2074FDF9E663E71705CC0448704028E4AF943A29EE1201609B0203010001300D06092A864886F70D01010B0500038181006969DEBA09A81EBB32F5EF51495C93EB879398422BCF5993EA8086D9EBA2C573E9551953E78BA203D3579
 1EFC8E117EA3B3370D205080AC6CDCF70863A7995B77CCFD067A311071F5F9C9A0F09DC4E1B0FF02ED34F71F59B4EB5B9E7D326D6A18371C536521644EAA19BBE1A0E1EDC8596D8491D6963ACF756060D91B9E53A19
 May 31 15:20:00.993 [info] dump_certs_cell(): certificate 2/5: type 2,
 body
 308201C63082012FA003020102020900A12C926977359128300D06092A864886F70D01010B050030253123302106035504030C1A7777772E68626D366C63356E33786F7062733462726C2E636F6D301E170D3137303130373030303030305A170D3138303130373030303030305A30253123302106035504030C1A7777772E68626D366C63356E33786F7062733462726C2E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100C8857E852A4991705CA30D3460172F42815C5F1E659692B795BDD1E4A00AD319017B565DB2F25C2E8959DF87E4493C4E1455D91C7BB68FF55E6E7FCF818D8308C6D4B70BD066F44FAE33519AD10C7404AC05497DA4E0F20E7F0FAB0A9FC7E320D859D62410CF95E045553730ACCBCFE34C52A3C1AD0ECF0EF8AAD94672685A0F0203010001300D06092A864886F70D01010B0500038181009BD2EFFDBABA39AC6365AEC34976AF2BF2BEB8E3718AF9F113A6ABEB66885441D0DF455B55C4835855BA50E053A42C81003DCDF4C7B6C2AB900CB4D14088575B32DF39A63DB7C6360D8D3893D85070123D63AB18DA42961A7B091F41597A762675C4A37FC5B45B275A15D1F7386AE2F7915896CE716BC26BA09FD3958C679911
 May 31 15:20:00.993 [info] dump_certs_cell(): certificate 3/5: type 4,
 body
 0104000658E501A85A541FF2B5D4FBC156155D939779733E3AB55E8607D99942D470EBA1E79D96010020040006232608577AC3AF530DF8B046C51722C0C9529C5C98557F5515ACEB195ABCF0824974D7B657073ACEBB35EC2B12C0DA6BC3E602A7AAB3F8523633E073CFAD3E099100B33C9B5DBA09346D5CADD577A0216E0A09BF7895534B01566DBB796907
 May 31 15:20:00.993 [info] dump_certs_cell(): certificate 4/5: type 5,
 body
 0105000657BA011D59E5BFECC9EC1C894AD8F97E38524120526B48891CF6EF4794FD8006595A12004CD4EEA7DE9517EC1D862154465A8BECFF321547A8BAB3C9C824A09919903CE3CC79460ED5B743F664D8CD5E6007C86CCAEE1502C81C93EE8423A4AD1D82BD05
 May 31 15:20:00.993 [info] dump_certs_cell(): certificate 5/5: type 7,
 body
 06232608577AC3AF530DF8B046C51722C0C9529C5C98557F5515ACEB195ABCF00001563180463B800A78747A0759A51E037CA30C5253F5CAE555B8B3E9C50520FC3C72259E50339FA76474BC6A693043E443BDEA73F82A82CD94FD550945E9690BC610DB1938E12926781D37B5E72BB0F1991ACD376F45D29B9B8837CC49F5A128130CD553017BF1A4CE9770EE694403F9CE9E9A3C362EC59142B42DC3982A17653ABB64C5
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list