Opened 3 years ago

Last modified 2 years ago

#19507 new defect

tor and tor-gencert disagree on what a month is

Reported by: weasel Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.8.4-rc
Severity: Normal Keywords: tor-dirauth timekeeping month days small annoying
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

If I create a new authority-signing-key on June 1st at 00:00 with a life time of 5 months using tor-gencert, then the new authority signing certificate will expire November 1st at 00:00.

If I create a new identity signing key on June 1st at 00:00 with a life time of 5 months using tor, then the new identity signing cert will expire October 31st at 06:00.

Obviously this disagreement is suboptimal.

Child Tickets

Change History (7)

comment:1 Changed 3 years ago by nickm

Milestone: Tor: 0.2.???

comment:2 Changed 3 years ago by arma

Seems to me that the former is the more expected definition of a month.

Is the issue on Tor's side in confparse.c where we say

  { "month",    2629728, }, /* about 30.437 days */

?

That one actually seems tough to resolve, since I want the units on Tor's config options to be ... well, deterministic would be a good start, right?

To be clear, weasel, you were setting something like SigningKeyLifetime 5 months in your torrc file?

comment:3 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:4 Changed 3 years ago by weasel

I think I was setting it on the command line, but same difference, yes.

I create both authority and identity certs with the same, round starting timestamp, and I want both certificates to also expire at the same time.

For now I do that by manually figuring out for how many days the certs should live, and then specify the lifetime in days.

comment:5 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:6 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:7 Changed 2 years ago by nickm

Keywords: tor-dirauth timekeeping month days small annoying added
Note: See TracTickets for help on using tickets.