Regenerate RSA->ed25519 identity crosscertificate as needed

author: Nick Mathewson <nickm@torproject.org> 2017-06-01 10:04:52 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-06-01 10:04:52 -0400
commit: 41ed9e978b77080c027e50ed831370efbeeeac37 (patch)
tree: f7d1fdd3a4d28894a84d8965987ca2c7bdebb226 /changes/bug22466_regenerate
parent: 5b33d95a3dfe943625d78983bb53be2901a51150 (diff)
download: tor-41ed9e978b77080c027e50ed831370efbeeeac37.tar.gz
tor-41ed9e978b77080c027e50ed831370efbeeeac37.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate
new file mode 100644
index 0000000000..8dbda89c8f
--- /dev/null
+++ b/changes/bug22466_regenerate
@@ -0,0 +1,8 @@
+  o Minor bugfixes (link handshake):
+    - Lower the lifetime of the RSA->Ed25519 cross-certificate to
+      six months, and regenerate it when it is within one month of expiring.
+      Previously, we had generated this certificate at startup with
+      a ten-year lifetime, but that could lead to weird behavior when
+      Tor was started with a grossly inaccurate clock. Mitigates
+      bug 22466; mitigation on 0.3.0.1-alpha.
+
author	Nick Mathewson <nickm@torproject.org>	2017-06-01 10:04:52 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-06-01 10:04:52 -0400
commit	41ed9e978b77080c027e50ed831370efbeeeac37 (patch)
tree	f7d1fdd3a4d28894a84d8965987ca2c7bdebb226 /changes/bug22466_regenerate
parent	5b33d95a3dfe943625d78983bb53be2901a51150 (diff)
download	tor-41ed9e978b77080c027e50ed831370efbeeeac37.tar.gz tor-41ed9e978b77080c027e50ed831370efbeeeac37.zip