[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #4370 [Tor Client]: If the CERTS cell contains a cert with a scary time, don't warn unless it's from an authority



#4370: If the CERTS cell contains a cert with a scary time, don't warn unless it's
from an authority
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:  Tor: 0.2.3.7-alpha
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 At the bottom of command_process_netinfo_cell() we have some logic, when
 we hear a scary time from a netinfo cell, to check:
 {{{
     if (router_digest_is_trusted_dir(conn->identity_digest))
       severity = LOG_WARN;
     else
       severity = LOG_INFO;
 }}}

 We should repeat that logic when we get a scary time from a CERTS cell.
 Turns out those scary times (off by an hour or more) are reasonably
 common.

 If you're quick, you can reproduce by running your Tor with "entrynode
 0xABCD":
 {{{
 Nov 01 04:30:45.000 [debug] connection_or_process_cells_from_inbuf(): 14:
 starting, inbuf_datalen 1444 (0 pending in tls object).
 Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock
 set incorrectly?
 Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov  1 12:15:08
 2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45
 2011 GMT.)
 Nov 01 04:30:45.000 [info] command_process_cert_cell(): Received a bad
 CERT cell from 120.50.40.184:9001: The link certificate was not valid
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4370>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs