Re: [tor-bugs] #22460 [Core Tor/Tor]: Link handshake trouble: certificates and keys can get out of sync
#22460: Link handshake trouble: certificates and keys can get out of sync
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_revision
Priority: High | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: tor-relay certs handshake ed25519 needs-analysis 030-backport 029-backport | Actual Points: 1
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nickm):

Thanks for the reviews! Except as noted, I've made the requested changes.

George, you successfully found a major bug in the "bug22460_case2_029_01"
branch: I should have been calling SSL_get_certificate(), not
SSL_get_peer_certificate().

Replying to [comment:33 dgoulet]:
> Second thing, maybe `tor_x509_cert_dup()` should be unit test only for
> now? It's dead code if no unit tests.

Good catch. If you don't mind, I'd like to leave it in: there are a few
other places where we should be using it IIRC where we have silly kludges
instead.

Replying to [comment:34 asn]:
> Are we sure that there is no chance we will leave own_link_cert
> uninitialized?

Take another look at add_ed25519_cert(): it is a no-op if cert is NULL.
I'll update the documentation comment to make the behavior explicit, and
add a tor_assert_nonfatal().

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online