From a9be768959c189846178723d5fe44d3b59b0d983 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 31 May 2017 18:33:38 -0400 Subject: Bugfix: Regenerate more certificates when appropriate Previously we could sometimes change our signing key, but not regenerate the certificates (signing->link and signing->auth) that were signed with it. Also, we would regularly replace our TLS x.509 link certificate (by rotating our TLS context) but not replace our signing->link ed25519 certificate. In both cases, the resulting inconsistency would make other relays reject our link handshakes. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha. --- changes/bug22460_case1 | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 changes/bug22460_case1 (limited to 'changes') diff --git a/changes/bug22460_case1 b/changes/bug22460_case1 new file mode 100644 index 0000000000..9aef46b21f --- /dev/null +++ b/changes/bug22460_case1 @@ -0,0 +1,10 @@ + o Major bugfixes (relays, key management): + - Regenerate link and authentication certificates whenever the key that + signs them changes; also, regenerate link certificates whenever the + signed key changes. Previously, these processes were only weakly + coupled, and we relays could (for minutes to hours) wind up with an + inconsistent set of keys and certificates, which other relays + would not accept. Fixes two cases of bug 22460; bugfix on + 0.3.0.1-alpha. + + -- cgit v1.2.3-54-g00ecf
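Review bot: typo in the changes entry: "we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates" should read "relays could ... wind up". Also, the file is named changes/bug22460_case1 while the entry text says "Fixes two cases of bug 22460"; either rename the file or say which of the two cases this entry covers so the filename and the bugfix text agree.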
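The inconsistency the commit message describes (a key rotates but the certificates signed by it, or certifying it, are left in place) can be checked mechanically. The following is an added illustration, not Tor's code: keys are random byte strings, a certificate is reduced to the pair of key identifiers it binds, and the hypothetical `peer_accepts` and `inconsistent_certs` helpers model what a remote relay verifies at link-handshake time. The two `_buggy` rotation methods reproduce the pre-fix behaviour for comparison with the fixed ones; the names and the structure of `RelayKeys` are assumptions for the example.

```python
"""Toy model of the relay key/certificate dependency described in the commit.

Hypothetical model, not Tor's code. A 'certificate' records which subject key
it certifies and which signing key issued it. A peer accepts a link handshake
only if every certificate is signed by the relay's *current* signing key and
certifies the relay's *current* subject key.
"""
import hashlib
import os


def key_id(key: bytes) -> str:
    """Short identifier for a key (stand-in for a real key fingerprint)."""
    return hashlib.sha256(key).hexdigest()[:16]


class Cert:
    def __init__(self, kind: str, subject: bytes, signer: bytes):
        self.kind = kind
        self.subject_id = key_id(subject)
        self.signer_id = key_id(signer)


class RelayKeys:
    def __init__(self):
        self.signing = os.urandom(32)  # stand-in for the ed25519 signing key
        self.link = os.urandom(32)     # stand-in for the key bound to the TLS link cert
        self.auth = os.urandom(32)     # stand-in for the ed25519 authentication key
        self.regenerate_certs()

    def regenerate_certs(self) -> None:
        """Issue fresh signing->link and signing->auth certs from current keys."""
        self.certs = {
            "signing->link": Cert("signing->link", self.link, self.signing),
            "signing->auth": Cert("signing->auth", self.auth, self.signing),
        }

    # Pre-fix behaviour: the key changes, the dependent certs do not.
    def rotate_signing_key_buggy(self) -> None:
        self.signing = os.urandom(32)

    def rotate_link_key_buggy(self) -> None:
        self.link = os.urandom(32)

    # Fixed behaviour: any change to a signer or signed key regenerates certs.
    def rotate_signing_key(self) -> None:
        self.signing = os.urandom(32)
        self.regenerate_certs()

    def rotate_link_key(self) -> None:
        self.link = os.urandom(32)
        self.regenerate_certs()  # only signing->link is stale, but reissuing both is harmless


def inconsistent_certs(keys: RelayKeys) -> list:
    """Return the kinds of certs that no longer match the relay's current keys."""
    expected_subject = {"signing->link": keys.link, "signing->auth": keys.auth}
    stale = []
    for kind, subject in expected_subject.items():
        cert = keys.certs[kind]
        if cert.signer_id != key_id(keys.signing) or cert.subject_id != key_id(subject):
            stale.append(kind)
    return stale


def peer_accepts(keys: RelayKeys) -> bool:
    """What a remote relay effectively checks: every cert consistent, or reject."""
    return not inconsistent_certs(keys)


if __name__ == "__main__":
    relay = RelayKeys()
    relay.rotate_signing_key_buggy()
    print("after buggy signing-key rotation, stale certs:", inconsistent_certs(relay))
    relay.rotate_signing_key()
    print("after fixed rotation, peer accepts:", peer_accepts(relay))
```

Running `inconsistent_certs` after every key rotation is the invariant the fix restores: a signing-key change must invalidate both certs, and a link-key change must invalidate signing->link.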