[tor-bugs] #19809 [Applications/Tor Messenger]: Update verification failed but update still applies on Linux and OS X
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 2 21:09:29 UTC 2016
#19809: Update verification failed but update still applies on Linux and OS X
--------------------------------------------+-----------------
Reporter: sukhbir | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Messenger | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------+-----------------
With all the updater patches applied, I was trying to update Tor
Messenger. I generated the MAR signing key and signed the MAR file and
then tried to update. (The build was completed with the associated DER
file.)
On Linux and OS X, it complains that the signatures could not be verified
but still goes on to complete the update.
On Windows it gives me error code 19, which Bugzilla
[https://bugzilla.mozilla.org/show_bug.cgi?id=742008#c4 #742008] tells me:
"That is CERT_VERIFY_ERROR, which suggests that the mars are not signed
correctly for some reason.".
This is the log from updating on Linux:
{{{
*** AUS:SVC Downloader:onStopRequest - attempting to stage update: Tor
Messenger 0.1.0b8
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
*** AUS:SVC readStatusFile - status: applied, path: /tmp/tor-
messenger/Browser/updates/0/update.status
*** AUS:SVC UpdateManager:refreshUpdateStatus - Notifying observers that
the update was staged. state: applied, status: applied
}}}
Why is Tor Messenger still updating if the signature could not be
verified?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19809>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list