[tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 31 21:47:37 UTC 2017
#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor:
| 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: tor-relay certs handshake ed25519 | Actual Points:
needs-analysis 030-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nickm):
The above explanation explains the "At least one Ed25519 certificate was
badly signed" thing, and it explains the "Link certificate does not match
TLS certificate" thing.
I bet that the "The link certificate didn't match the TLS public key"
thing is similar, but I'm not sure. More investigation needed.
The "Crosscert is expired" case is still mysterious. It looks as if we
were passing 0 or -1 to load_ed_keys() for "now", but looking at the code
in maint-0.3.0, I don't see how we could actually do that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list