[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired
#31669: Invalid signature for service descriptor signing key: expired
--------------------------+------------------------------
Reporter: a_p | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.4.1.5
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Comment (by teor):
Replying to [comment:1 arma]:
> This message sounds like there is an onion service involved, but the
onion service is broken (its signing key is old, perhaps because its clock
is super wrong).
>
> Was this a warning-level log? Your quote doesn't say what log severity
it was.
Yes, it's a warning-level log:
https://github.com/torproject/tor/blob/27e067df4fd3148b59dd0377d1a7b111460a2b53/src/feature/hs/hs_descriptor.c#L1293
> Were there any onion services involved in these exit relays? E.g. they
hosted some or they were visiting some as a client?
>
> The other possibility is that they were simply being normal HSDirs, and
relays that receive encrypted onion descriptors still validate them enough
to find this error. In that case we should consider turning the log into
an info-level log, since there is nothing your relay can do about it.
We should make it a protocol warning, so that we still see it in test
networks.
It looks like there are a lot of warnings in the cert code, which should
actually be protocol warnings. Maybe we need to pass an "is_remote" flag
to our validation code, and switch to protocol warnings when it is true.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31669#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs