[tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 31 21:45:11 UTC 2017
#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor:
| 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: tor-relay certs handshake ed25519 | Actual Points:
needs-analysis 030-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nickm):
BINGO. I have a diagnosis for at least part of the bug. Specifically,
this would explain the "At least one Ed25519 certificate was badly signed"
case.
In load_ed_keys(), and in generate_ed_link_cert(), we check to see whether
our SIGNING->AUTH certificate and our SIGNING->LINK certificate have a
signed key that matches our current key... but we don't make sure that the
_signing_ key matches the current _signing_ key. So when the _signing
key_ is updated, we'll keep serving certificates signed with the old
signing key.
Furthermore, in rotate_x509_certificate_callback(), we don't call
generate_ed_link_cert(), which means that our link cert will remain
outdated for a while.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list