[tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 31 23:03:55 UTC 2017
#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
| needs_review
Priority: High | Milestone: Tor:
| 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: tor-relay certs handshake ed25519 | Actual Points:
needs-analysis 030-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nickm):
Replying to [comment:26 nickm]:
> > I bet that the "The link certificate didn't match the TLS public key"
thing is similar, but I'm not sure.
>
> It's similar, I think. I believe this bug happens when we send an x.509
cert as part of a TLS handshake, then rotate our TLS context, then send
our certs cell from connection_or_send_certs_cell(). This timing for this
rotation means that the link certificate in our certs cell won't match the
one from the TLS handshake.
I'm trying to think of a good bugfix for this one that doesn't have a race
condition. The problem with this case is that it means that my fix above
is incomplete -- we need to update the signing->link certificate on TLS
rotation, yes, but we should still serve the old signing->link certificate
on all connections that existed before the TLS context rotated.
I think the answer may be to cache the signing->link certificate at the
time that the connection is created? It's not perfectly elegant, but it
would work.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list