[tor-relays] bad validity timestamps on authority certificates
Roger Dingledine
arma at mit.edu
Sat Nov 5 06:14:43 UTC 2011
On Fri, Nov 04, 2011 at 06:06:41PM -0500, Scott Bennett wrote:
> Nov 04 15:51:00.273 [warn] Certificate not yet valid: is your system clock set incorrectly?
> Nov 04 15:51:00.274 [warn] (certificate lifetime runs from Nov 5 04:26:47 2011 GMT through Nov 4 04:26:47 2012 GMT. Your time is Nov 04 20:51:00 2011 GMT.)
[snip]
> My system's clock gets adjusted to the network timeservers' values once per
> hour. I've checked the logs and found that the each adjustment has been less
> than 71 ms during this time.
> So the question is why are the authorities putting out new certificates
> with valid time periods beginning six or more hours in the future? Also, when
> will the authorities be corrected?
These aren't directory authorities. These are just random relays that
you're connecting to who have clocks more than an hour off, and an
over-active log message.
See
https://trac.torproject.org/projects/tor/ticket/4370
https://trac.torproject.org/projects/tor/ticket/4371
This is the alpha Tor, with a shiny new (and still somewhat
sharp-around-the-edges) v3 link handshake. I'm glad this one doesn't
crash, like the last one did. :)
--Roger
More information about the tor-relays
mailing list