summaryrefslogtreecommitdiff
path: root/changes/bug22460_case1
blob: cfe78ad7917a3de70d430cc98738ecd6b3aa838d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
  o Major bugfixes (relays, key management):
    - Regenerate link and authentication certificates whenever the key that
      signs them changes; also, regenerate link certificates whenever the
      signed key changes. Previously, these processes were only weakly
      coupled, and we relays could (for minutes to hours) wind up with an
      inconsistent set of keys and certificates, which other relays
      would not accept. Fixes two cases of bug 22460; bugfix on
      0.3.0.1-alpha.
    - When sending an Ed25519 signing->link certificate in a CERTS cell,
      send the certificate that matches the x509 certificate that we used
      on the TLS connection. Previously, there was a race condition if
      the TLS context rotated after we began the TLS handshake but
      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
      on 0.3.0.1-alpha.