Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4370 closed defect (fixed)

If the CERTS cell contains a cert with a scary time, don't warn unless it's from an authority

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Keywords: tor-client
Cc: bastik.public@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


At the bottom of command_process_netinfo_cell() we have some logic, when we hear a scary time from a netinfo cell, to check:

    if (router_digest_is_trusted_dir(conn->identity_digest))
      severity = LOG_WARN;
      severity = LOG_INFO;

We should repeat that logic when we get a scary time from a CERTS cell. Turns out those scary times (off by an hour or more) are reasonably common.

If you're quick, you can reproduce by running your Tor with "entrynode 0xABCD":

Nov 01 04:30:45.000 [debug] connection_or_process_cells_from_inbuf(): 14: starting, inbuf_datalen 1444 (0 pending in tls object).
Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock set incorrectly?
Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov  1 12:15:08 2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45 2011 GMT.)
Nov 01 04:30:45.000 [info] command_process_cert_cell(): Received a bad CERT cell from The link certificate was not valid

Child Tickets

Change History (7)

comment:1 Changed 8 years ago by bastik

Cc: bastik.public@… added

comment:2 Changed 8 years ago by arma

This is the minor bug. See #4371 before trying to deploy a solution for this one.

(Also, both the certs and the netinfo cell have time hints in them. If we *do* decide to complain to the user, we probably shouldn't do it twice. I think netinfo is the more precise place.)

comment:3 Changed 8 years ago by shamrock

The confusion stems from the wording of the error message. For example, I am seeing:

Nov 02 23:43:40.000 [warn] Certificate not yet valid: is your system clock set incorrectly?
Nov 02 23:43:40.000 [warn] (certificate lifetime runs from Nov  3 02:15:27 2011 GMT through Nov  2 02:15:27 2012 GMT. Your time is Nov 02 22:43:40 2011 GMT.)

The verbiage is confusing, because the user will assume the invalid certificate in question is a cert created by the user's system rather than the cert of some other system that may have an incorrect time set.

comment:4 Changed 8 years ago by nickm

Status: newneeds_review

See branch bug4370 in my public repository. See also my comments on #4371

comment:5 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Actually, it looks like I already did most of this as part of followup to 4371. Checking in the remaining piece as 7992eb43c5d9313ad66d9fea46121a47d0ca997c .

comment:6 Changed 7 years ago by nickm

Keywords: tor-client added

comment:7 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.