[tor-bugs] #30482 [Core Tor/Tor]: unexpected warning: Invalid signature for service descriptor signing key: expired

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 13 04:25:41 UTC 2019


#30482: unexpected warning:     Invalid signature for service descriptor signing
key: expired
--------------------------+------------------------------
 Reporter:  toralf        |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.0.5
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------

Comment (by arma):

 This "Invalid signature for service descriptor signing key: expired"
 phrase comes from your relay because somebody tried to upload an onion
 service descriptor to you (presumably in your role as an HSDir), and you
 thought it was malformed:
 https://gitweb.torproject.org/tor.git/tree/src/feature/hs/hs_descriptor.c?h=tor-0.4.0.5#n2123

 My guess is that we should get dgoulet and asn to look at this to make
 sure they aren't surprised by anything, or think of new bugs to fix, and
 then somebody should go through and turn all the log_warn's into
 log_protocol_warn's if they happen on the relay side: there's nothing the
 relay operator can do if somebody screws up their onion service publish.

 E.g., cert_parse_and_validate() might want a log_severity argument, so
 {{{
     log_warn(LD_REND, "Certificate for %s couldn't be parsed.", err_msg);
 }}}
 can decide how loudly it's supposed to yell.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30482#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list