[tor-bugs] #22460 [Core Tor/Tor]: Link handshake trouble: certificates and keys can get out of sync
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 5 13:43:10 UTC 2017
#22460: Link handshake trouble: certificates and keys can get out of sync
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
| needs_revision
Priority: High | Milestone: Tor:
| 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: tor-relay certs handshake ed25519 | Actual Points: 1
needs-analysis 030-backport 029-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nickm):
Thanks for the reviews! Except as noted, I've made the requested changes.
George, you successfully found a major bug in the "bug22460_case2_029_01"
branch: I should have been calling SSL_get_certificate(), not
SSL_get_peer_certificate().
Replying to [comment:33 dgoulet]:
> Second thing, maybe `tor_x509_cert_dup()` should be unit test only for
now? It's dead code if no unit tests.
Good catch. If you don't mind, I'd like to leave it in: there are a few
other places where we should be using it IIRC where we have silly kludges
instead.
Replying to [comment:34 asn]:
> Are we sure that there is no chance we will leave own_link_cert
uninitialized?
Take another look at add_ed25519_cert(): it is a no-op if cert is NULL.
I'll update the documentation comment to make the behavior explicit, and
add a tor_assert_nonfatal().
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list