diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:33:38 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:45:35 -0400 |
| commit | a9be768959c189846178723d5fe44d3b59b0d983 (patch) | |
| tree | 34a4e674f22dd522d339b6c064b075f7db75cd29 /changes | |
| parent | 5b33d95a3dfe943625d78983bb53be2901a51150 (diff) | |
| download | tor-a9be768959c189846178723d5fe44d3b59b0d983.tar.gz tor-a9be768959c189846178723d5fe44d3b59b0d983.zip | |
Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it. Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate. In both cases, the resulting
inconsistency would make other relays reject our link handshakes.
Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug22460_case1 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/changes/bug22460_case1 b/changes/bug22460_case1 new file mode 100644 index 0000000000..9aef46b21f --- /dev/null +++ b/changes/bug22460_case1 @@ -0,0 +1,10 @@ + o Major bugfixes (relays, key management): + - Regenerate link and authentication certificates whenever the key that + signs them changes; also, regenerate link certificates whenever the + signed key changes. Previously, these processes were only weakly + coupled, and we relays could (for minutes to hours) wind up with an + inconsistent set of keys and certificates, which other relays + would not accept. Fixes two cases of bug 22460; bugfix on + 0.3.0.1-alpha. + + |