[tor-bugs] #30482 [Core Tor/Tor]: unexpected warning: Invalid signature for service descriptor signing key: expired
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun May 12 14:30:53 UTC 2019
#30482: unexpected warning: Invalid signature for service descriptor signing
key: expired
--------------------------+------------------------------
Reporter: toralf | Owner: (none)
Type: defect | Status: new
Priority: Medium | Component: Core Tor/Tor
Version: Tor: 0.4.0.5 | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
I do wonder about
{{{
# tail -n 2 /tmp/notice2.log
May 12 10:42:13.000 [notice] DoS mitigation since startup: 10 circuits
killed with too many cells. 13604 circuits rejected, 12 marked addresses.
106 connections closed. 1917 single hop clients refused.
May 12 14:30:03.000 [warn] Invalid signature for service descriptor
signing key: expired
}}}
b/c it looks ok:
{{{
# tor --key-expiration sign -f /etc/tor/torrc2
May 12 16:27:26.845 [notice] Tor 0.4.0.5 running on Linux with Libevent
2.1.8-stable, OpenSSL LibreSSL 2.8.3, Zlib 1.2.11, Liblzma 5.2.4, and
Libzstd N/A.
May 12 16:27:26.845 [notice] Tor can't help you if you use it wrong! Learn
how to be safe at https://www.torproject.org/download/download#warning
May 12 16:27:26.845 [notice] Read configuration file "/etc/tor/torrc2".
May 12 16:27:26.849 [notice] Included configuration file or directory at
recursion level 1: "/etc/tor/torrc.d/00_common".
May 12 16:27:26.849 [notice] Based on detected system memory,
MaxMemInQueues is set to 8192 MB. You can override this by setting
MaxMemInQueues by hand.
May 12 16:27:26.858 [notice] We were built to run on a 64-bit CPU, with
OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently
lacks accelerated support for the NIST P-224 and P-256 groups. Building
openssl with such support (using the enable-ec_nistp_64_gcc_128 option
when configuring it) would make ECDH much faster.
May 12 16:27:26.973 [notice] Your Tor server's identity key fingerprint is
'zwiebeltoralf2 509EAB4C5D10C9A9A24B4EA0CE402C047A2D64E6'
May 12 16:27:26.973 [notice] The signing certificate stored in
/var/lib/tor/data2/keys/ed25519_signing_cert is valid until 2019-08-10
04:00:00.
signing-cert-expiry: 2019-08-10 04:00:00
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30482>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list