Opened 3 years ago

Closed 3 years ago

#19157 closed enhancement (implemented)

[prop220] Check all new certificate types (incl cross-cert and ed25519)

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: prop220, TorCoreTeam201608
Cc: Actual Points: 2
Parent ID: #15055 Points: 1
Reviewer: Sponsor: SponsorU-must

Description

If we're using ed25519 authentication, we should understand and check all the relevant certificate types when they're presented in the CERTS cell.

Partially implemented in my work-in-progress #15055 branch.

Child Tickets

Change History (10)

comment:1 Changed 3 years ago by nickm

Type: defectenhancement

comment:2 Changed 3 years ago by nickm

Keywords: TorCoreTeam201605 removed

Remove "TorCoreTeam201605" keyword. The time machine is broken.

comment:3 Changed 3 years ago by nickm

Sponsor: SponsorU-must

comment:4 Changed 3 years ago by nickm

Status: newassigned

comment:5 Changed 3 years ago by nickm

Partially implemented in my frequently-rebased 15055_wip branch, which parses the new types.

comment:6 Changed 3 years ago by nickm

Keywords: TorCoreTeam201608 added

comment:7 Changed 3 years ago by nickm

Next steps here:

  • complete the or_handshake_certs_ed25519_ok function.
  • Resolve all XXX items in it.
  • Make it check expiration times.
  • actually call it in the same places we call or_handshake_certs_rsa_ok.

comment:8 Changed 3 years ago by nickm

Done in my 15055_wip branch.

comment:9 Changed 3 years ago by nickm

Actual Points: 2

comment:10 Changed 3 years ago by nickm

Resolution: implemented
Status: assignedclosed

These are implemented in 15055_wip; folding them into #15055 as their parent ticket.

Note: See TracTickets for help on using tickets.