[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #1145 [Tor Client]: Tor fails to load auth-certs



#1145: Tor fails to load auth-certs
--------------------------------+-------------------------------------------
 Reporter:  knappo              |         Type:  defect    
   Status:  needs_review        |     Priority:  minor     
Milestone:  Tor: 0.2.2.x-final  |    Component:  Tor Client
  Version:  0.2.1.20            |   Resolution:  None      
 Keywords:  easy                |       Parent:            
--------------------------------+-------------------------------------------

Comment(by Sebastian):

 I'm not really happy with this patch. It does make the warning appear less
 often during normal bootstrapping, and instead of one warning it gives
 lots:

 {{{
 [notice] OpenSSL OpenSSL 0.9.8l 5 Nov 2009 looks like version 0.9.8l; I
 will try SSL3_FLAGS to enable renegotation.
 [notice] No current certificate known for authority moria1; launching
 request.
 [notice] No current certificate known for authority tor26; launching
 request.
 [notice] No current certificate known for authority dizum; launching
 request.
 [notice] No current certificate known for authority ides; launching
 request.
 [notice] No current certificate known for authority gabelmoo; launching
 request.
 [notice] No current certificate known for authority dannenberg; launching
 request.
 [notice] No current certificate known for authority urras; launching
 request.
 [notice] No current certificate known for authority maatuska; launching
 request.
 [notice] Bootstrapped 5%: Connecting to directory server.
 [notice] I learned some more directory information, but not enough to
 build a circuit: We have no network-status consensus.
 [notice] Bootstrapped 10%: Finishing handshake with directory server.
 [notice] Bootstrapped 15%: Establishing an encrypted directory connection.
 [notice] Bootstrapped 20%: Asking for networkstatus consensus.
 [notice] Bootstrapped 25%: Loading networkstatus consensus.
 [warn] Consensus includes unrecognized authority 'gabelmoo-legacy' at
 80.190.246.100:8180 (contact n/a; identity
 81349FC1F2DBA2C2C11B45CB9706637D480AB913)
 [warn] Consensus includes unrecognized authority 'moria1-legacy' at
 128.31.0.34:9131 (contact n/a; identity
 E2A2AF570166665D738736D0DD58169CC61D8A8B)
 [warn] Looks like we need to download a new certificate from authority
 'tor26' at 86.59.21.38:80 (contact Peter Palfrader; identity
 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4)
 [warn] Looks like we need to download a new certificate from authority
 'ides' at 216.224.124.114:9030 (contact Mike Perry
 <mikeperryTAfsckedTODorg>; identity
 27B6B5996C426270A5C95488AA5BCEB6BCC86956)
 [warn] Looks like we need to download a new certificate from authority
 'maatuska' at 213.115.239.118:443 (contact 4096R/23291265 Linus Nordberg
 <linus@xxxxxxxxxxx>; identity 49015F787433103580E3B66A1707A00E60F2D15B)
 [warn] Looks like we need to download a new certificate from authority
 'dannenberg' at dannenberg.ccc.de:80 (contact Andreas Lehner
 <anonymizer@xxxxxx>; identity 585769C78764D58426B8B52B6651A5A71137189A)
 [warn] Looks like we need to download a new certificate from authority
 'urras' at 208.83.223.34:443 (contact 4096R/E012B42D Jacob Appelbaum
 <jacob@xxxxxxxxxxxxx>; identity 80550987E1D626E3EBA5E5E75A458DE0626D088C)
 [warn] Looks like we need to download a new certificate from authority
 'moria1' at 128.31.0.34:9131 (contact 1024D/28988BF5 arma mit edu;
 identity D586D18309DED4CD6D57C18FDB97EFA96D330566)
 [warn] Looks like we need to download a new certificate from authority
 'dizum' at 194.109.206.212:80 (contact 1024R/8D56913D Alex de Joode
 <adejoode@xxxxxxxxxxxx>; identity
 E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58)
 [warn] Looks like we need to download a new certificate from authority
 'gabelmoo' at 80.190.246.100:8180 (contact 1024D/F7C11265 Karsten Loesing
 <karsten dot loesing AT gmx dot net>; identity
 ED03BB616EB2F60BEC80151114BB25CEF515B226)
 [warn] A consensus needs 5 good signatures from recognized authorities for
 us to accept it. This one has 0. 2 of the authorities we know didn't sign
 it. It has 2 signatures from authorities we don't recognize. We were
 unable to check 8 of the signatures, because we were missing the keys.
 [notice] I learned some more directory information, but not enough to
 build a circuit: We have no network-status consensus.
 [notice] Bootstrapped 40%: Loading authority key certs.
 [notice] Bootstrapped 45%: Asking for relay descriptors.
 }}}

 IMO what we should do here is to make sure we don't warn as easily,
 especially because the warning happens frequently even on good
 connections.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1145#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs