[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #30482 [Core Tor/Tor]: unexpected warning: Invalid signature for service descriptor signing key: expired



#30482: unexpected warning:     Invalid signature for service descriptor signing
key: expired
--------------------------+------------------------------
 Reporter:  toralf        |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Component:  Core Tor/Tor
  Version:  Tor: 0.4.0.5  |       Severity:  Normal
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------
 I do wonder about
 {{{
 # tail -n 2 /tmp/notice2.log
 May 12 10:42:13.000 [notice] DoS mitigation since startup: 10 circuits
 killed with too many cells. 13604 circuits rejected, 12 marked addresses.
 106 connections closed. 1917 single hop clients refused.
 May 12 14:30:03.000 [warn] Invalid signature for service descriptor
 signing key: expired
 }}}
 b/c it looks ok:
 {{{
 # tor --key-expiration sign -f /etc/tor/torrc2
 May 12 16:27:26.845 [notice] Tor 0.4.0.5 running on Linux with Libevent
 2.1.8-stable, OpenSSL LibreSSL 2.8.3, Zlib 1.2.11, Liblzma 5.2.4, and
 Libzstd N/A.
 May 12 16:27:26.845 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 May 12 16:27:26.845 [notice] Read configuration file "/etc/tor/torrc2".
 May 12 16:27:26.849 [notice] Included configuration file or directory at
 recursion level 1: "/etc/tor/torrc.d/00_common".
 May 12 16:27:26.849 [notice] Based on detected system memory,
 MaxMemInQueues is set to 8192 MB. You can override this by setting
 MaxMemInQueues by hand.
 May 12 16:27:26.858 [notice] We were built to run on a 64-bit CPU, with
 OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently
 lacks accelerated support for the NIST P-224 and P-256 groups. Building
 openssl with such support (using the enable-ec_nistp_64_gcc_128 option
 when configuring it) would make ECDH much faster.
 May 12 16:27:26.973 [notice] Your Tor server's identity key fingerprint is
 'zwiebeltoralf2 509EAB4C5D10C9A9A24B4EA0CE402C047A2D64E6'
 May 12 16:27:26.973 [notice] The signing certificate stored in
 /var/lib/tor/data2/keys/ed25519_signing_cert is valid until 2019-08-10
 04:00:00.
 signing-cert-expiry: 2019-08-10 04:00:00
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30482>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs