[tor-bugs] #2991 [Tor Client]: Confusing log messages when a DA starts using a new key

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Apr 26 11:37:06 UTC 2011 

#2991: Confusing log messages when a DA starts using a new key
------------------------+---------------------------------------------------
 Reporter:  rransom     |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  minor       |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 From IRC:
 > [04:06:59] <ln5> karsten: seeing this repeatedly in maatuska logs:
 > [04:07:02] <ln5> Apr 26 13:06:09.964 [notice] We're missing a
 certificate from authority with signing key
 B3F2CB9D75F87AE4D4A8ECEB3CAAECDC4B131010: launching request.
 > [04:07:02] <ln5> Apr 26 13:06:10.318 [warn] Got a certificate for
 maatuska, but we already have it. Maybe they haven't updated it. Waiting
 for a while.
 > [04:08:27] <ln5> do i need to do anything else than dropping new
 authority_certificate and authority_signing_key files in the keys
 directory and restart tor?
 > [04:09:50] <rransom> That ‘We're missing a certificate’ log message
 means it fetched the previous consensus as a client, and saw a signature
 with maatuska's old key, and set out to ask maatuska for its certificate
 for that old key.
 > [04:10:35] <ln5> a, roles.  makes sense.  thanks.
 > [04:10:55] <rransom> The second one you pasted means that when it got
 maatuska's (new) certificate, the certificate didn't match the directory-
 signing key used for that consensus.
 >
 > [04:29:37] <ln5> rransom: what makes you think that?  to me it seems
 like it got a certificate it already had (maatuska's).  i suppose that
 might happen if i fetch it from a DA that hasn't updated maatuskas cert
 yet.
 > [04:30:43] <rransom> ln5: It did. It was hoping to get maatuska's old
 certificate, which would contain the key with which maatuska had signed
 the then-current consensus.

 I suspect that a client bootstrapped between the time that a DA upgraded
 its signing key and the time that it used that key to sign a new consensus
 would emit these confusing messages as well.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list