diff options
| author | Roger Dingledine <arma@torproject.org> | 2005-01-03 17:10:32 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2005-01-03 17:10:32 +0000 |
| commit | 70075933c65d606a1b4dd24bff88ae10becea87d (patch) | |
| tree | 459121f9b42d82c8b340b8b82ea070fe59ce148f | |
| parent | fdf8c55f3077f4733f099040b04fa76a69c9d957 (diff) | |
| download | tor-70075933c65d606a1b4dd24bff88ae10becea87d.tar.gz tor-70075933c65d606a1b4dd24bff88ae10becea87d.zip | |
stop checking for clock skew, even for servers.
this means we are vulnerable to an attack where somebody recovers
and uses a really old certificate. however, if they do that, they
probably can get our identity key just as easily.
svn:r3241
| -rw-r--r-- | src/or/connection_or.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 3a68fb7873..3520bd2ffc 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -391,6 +391,7 @@ connection_tls_finish_handshake(connection_t *conn) { log_fn(LOG_WARN, "Identity key not as expected for router claiming to be '%s' (%s:%d) ", nickname, conn->address, conn->port); return -1; } +#if 0 if (router_get_by_digest(digest_rcvd)) { /* This is a known router; don't cut it slack with its clock skew. */ if (tor_tls_check_lifetime(conn->tls, TIGHT_CERT_ALLOW_SKEW)<0) { @@ -399,6 +400,7 @@ connection_tls_finish_handshake(connection_t *conn) { return -1; } } +#endif if (connection_or_nonopen_was_started_here(conn)) { /* I initiated this connection. */ |