Authorities reject descriptors without ntor keys

Before, they checked for version 0.2.4.18-rc or later, but this would not catch relays without version lines, or buggy or malicious relays missing an ntor key.
author: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2016-07-06 16:50:48 +1000
committer: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2016-07-15 09:55:49 +1000
commit: 33da2abd0571a4c4e21d5841bab1be336bca3a5a (patch)
tree: 00aa30251f6bd7f59a7fd3d2e78d7313f9a19e3f /changes/reject-tap
parent: 9932544297e02dc4f79d70317f214bcbb2dd8e9a (diff)
download: tor-33da2abd0571a4c4e21d5841bab1be336bca3a5a.tar.gz
tor-33da2abd0571a4c4e21d5841bab1be336bca3a5a.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/changes/reject-tap b/changes/reject-tap
new file mode 100644
index 0000000000..85fffc5b3e
--- /dev/null
+++ b/changes/reject-tap
@@ -0,0 +1,4 @@
+  o Major bug fixes (circuit building):
+    - Authorites should not trust the version a relay claims (if any),
+      instead, they should check specifically for an ntor key.
+      Fixes bug 19163; bugfix on 0.2.4.18-rc.
author	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2016-07-06 16:50:48 +1000
committer	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2016-07-15 09:55:49 +1000
commit	33da2abd0571a4c4e21d5841bab1be336bca3a5a (patch)
tree	00aa30251f6bd7f59a7fd3d2e78d7313f9a19e3f /changes/reject-tap
parent	9932544297e02dc4f79d70317f214bcbb2dd8e9a (diff)
download	tor-33da2abd0571a4c4e21d5841bab1be336bca3a5a.tar.gz tor-33da2abd0571a4c4e21d5841bab1be336bca3a5a.zip