[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 17 15:58:04 UTC 2014
#13379: Sign our MAR files
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-security,
Browser | TorBrowserTeam201412,TorBrowserTeam201412R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mcs):
Replying to [comment:45 gk]:
> If I sign the .mar files with the key embedded in the second certificate
I get
> {{{
> ERROR: Error verifying signature.
> ERROR: Not all signatures were verified.
> }}}
> But the update with the full .mar file works and the one with the
incremental .mar file is broken as described above. I guess these errors
occur as the verifier is first trying the first key which results in an
error and then falling back to the second one.
libmar writes those error messages to stderr. I don't think users will
see them except at the terminal or if they capture stderr. Certainly they
will have to go look for them. I think we should keep as possibly useful
diagnostic messages (although "ERROR:" is misleading in this case).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:50>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list