Opened 12 years ago

Last modified 7 years ago

#606 closed defect (Fixed)

v3 authorities forgetting certs at restart

Reported by: arma Owned by: nickm
Priority: Low Milestone: 0.2.0.x-rc
Component: Core Tor/Tor Version: 0.2.0.18-alpha
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

moria1 (running r13476) forgets all its certs every time it restarts.

-rw------- 1 tord tord 9804 2008-02-11 23:45 cached-certs

...
Feb 12 15:27:55.253 [info] init_keys(): adding my own v3 cert
Feb 12 15:27:55.253 [info] trusted_dirs_load_certs_from_string(): Adding downloa
ded certificate for directory authority moria1 with signing key CCB7170F6B270B44
301712DD7BC04BF9515AF374
Feb 12 15:27:55.254 [debug] mp_pool_new(): Capacity is 992, item size is 528, al
loc size is 523776
Feb 12 15:27:55.254 [debug] authority_cert_parse_from_string(): We already check
ed the signature on this certificate; no need to do so again.
Feb 12 15:27:55.254 [info] trusted_dirs_load_certs_from_string(): Skipping cache
d certificate for moria1 that we already have.
Feb 12 15:27:55.288 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "moria1" at 128.31.0.34:9031 (published 2008-02-12
20:26:30)
Feb 12 15:27:55.398 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "tor26" at 86.59.21.38:80 (published 2008-02-12 20:
20:21)
Feb 12 15:27:55.482 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "moria2" at 128.31.0.34:9032 (published 2008-02-12
20:20:08)
Feb 12 15:27:55.568 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "dizum" at 194.109.206.212:80 (published 2008-02-12

20:20:01)

Feb 12 15:27:55.653 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "lefkada" at 140.247.60.64:80 (published 2008-02-12

20:22:06)

Feb 12 15:27:55.741 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'lefkada' at 140.247.60.64

:80 (contact 1024D/0E606699 Geoff Goodell <goodell@…>; identity 0
D95B91896E6089AB9A3C6CB56E724CAF898C43F)
Feb 12 15:27:55.741 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'ides' at 216.224.124.114:

9030 (contact Mike Perry <mikeperryTAfsckedTODorg>; identity 27B6B5996C426270A5C
95488AA5BCEB6BCC86956)
Feb 12 15:27:55.741 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'dannenberg' at dannenberg

.ccc.de:80 (contact J. Random Hacker <anonymizer@…>; identity 585769C78764D
58426B8B52B6651A5A71137189A)
Feb 12 15:27:55.741 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'tor26' at 86.59.21.38:80

(contact Peter Palfrader <peter@…> (PGP Key: 0x94C09C7F; Key fingerp
rint: 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F); identity A9AC67E64B20
0BBF2FA26DF194AC0469E2A948C6)
Feb 12 15:27:55.741 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'gabelmoo' at 88.198.7.215

:80 (contact 1024D/F7C11265 Karsten Loesing <karsten dot loesing AT gmx dot net>
; identity EAA879B5C75032E462CB018630D2D0DF46EBA606)
Feb 12 15:27:55.742 [warn] 0 unknown, 5 missing key, 1 good, 0 bad, 0 no signatu
re, 4 required
Feb 12 15:27:55.742 [notice] Not enough certificates to check networkstatus cons
ensus
Feb 12 15:27:55.742 [info] read_file_to_str(): Could not open "moria1/unverified
-consensus": No such file or directory
Feb 12 15:27:55.743 [info] read_file_to_str(): Could not open "/usr/local/share/
tor/fallback-consensus": No such file or directory
Feb 12 15:27:55.743 [notice] We're missing a certificate from authority with sig
ning key 783A368067E26CDD64205EFCF1C5066B5F55EDCB: launching request.
Feb 12 15:27:55.743 [notice] We're missing a certificate from authority with sig
ning key 250A21E163A25851BB574E80DC4E41AE86F60C89: launching request.
Feb 12 15:27:55.743 [notice] We're missing a certificate from authority with sig
ning key F0A23AD304A0CFF4C27B3D0AE23468FBDD4E88F0: launching request.
Feb 12 15:27:55.743 [notice] We're missing a certificate from authority with sig
ning key DAB9DC29E8CFEEEAF8F47F1DE144E2A2F89C4128: launching request.
Feb 12 15:27:55.743 [notice] We're missing a certificate from authority with sig
ning key 2A9EABF158D0D4BFFA6C4A8EDC84A4F6487FCE9B: launching request.
Feb 12 15:27:55.743 [info] router_pick_directory_server(): No reachable router e
ntries for dirservers. Trying them all again.

...

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (9)

comment:1 Changed 12 years ago by nickm

14:36 < nickm> re bug 606: can you confirm that moria currently has more than

one cert in its cache?

14:36 < nickm> like, on disk?
14:38 <@arma> checking
14:39 <@arma> -rw------- 1 tord tord 9804 2008-02-12 17:33 cached-certs
14:39 <@arma> $ grep dir-key-certificate-version cached-certs |wc -l
14:39 <@arma> 6

comment:2 Changed 12 years ago by nickm

Possibly addressed in r13547; possibly not. In any case, there are some slightly more helpful debugging
logs when parsing certs from the cache; let me know what happens on startup at loglevel debug now?

comment:3 Changed 12 years ago by arma

Feb 20 17:49:12.999 [info] init_keys(): adding my own v3 cert
Feb 20 17:49:13.000 [debug] trusted_dirs_load_certs_from_string(): Parsed certif
icate for moria1
Feb 20 17:49:13.000 [info] trusted_dirs_load_certs_from_string(): Adding downloa
ded certificate for directory authority moria1 with signing key CCB7170F6B270B44
301712DD7BC04BF9515AF374
Feb 20 17:49:13.009 [debug] mp_pool_new(): Capacity is 248, item size is 528, al
loc size is 130944
Feb 20 17:49:13.010 [debug] authority_cert_parse_from_string(): We already check
ed the signature on this certificate; no need to do so again.
Feb 20 17:49:13.010 [debug] trusted_dirs_load_certs_from_string(): Parsed certif
icate for moria1
Feb 20 17:49:13.010 [info] trusted_dirs_load_certs_from_string(): Skipping cache
d certificate for moria1 that we already have.
Feb 20 17:49:13.040 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "moria1" at 128.31.0.34:9031 (published 2008-02-20
22:40:33)
Feb 20 17:49:13.125 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "tor26" at 86.59.21.38:80 (published 2008-02-20 22:
32:27)
Feb 20 17:49:13.216 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "moria2" at 128.31.0.34:9032 (published 2008-02-20
22:32:23)
Feb 20 17:49:13.300 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "dizum" at 194.109.206.212:80 (published 2008-02-20

22:32:16)

Feb 20 17:49:13.383 [info] router_set_networkstatus_v2(): Setting networkstatus
cached from directory server "lefkada" at 140.247.60.64:80 (published 2008-02-20

22:32:30)

Feb 20 17:49:13.487 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'lefkada' at 140.247.60.64

:80 (contact 1024D/0E606699 Geoff Goodell <goodell@…>; identity 0
D95B91896E6089AB9A3C6CB56E724CAF898C43F)
Feb 20 17:49:13.487 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'ides' at 216.224.124.114:

9030 (contact Mike Perry <mikeperryTAfsckedTODorg>; identity 27B6B5996C426270A5C
95488AA5BCEB6BCC86956)
Feb 20 17:49:13.487 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'dannenberg' at dannenberg

.ccc.de:80 (contact J. Random Hacker <anonymizer@…>; identity 585769C78764D
58426B8B52B6651A5A71137189A)
Feb 20 17:49:13.487 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'tor26' at 86.59.21.38:80

(contact Peter Palfrader <peter@…> (PGP Key: 0x94C09C7F; Key fingerp
rint: 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F); identity A9AC67E64B20
0BBF2FA26DF194AC0469E2A948C6)
Feb 20 17:49:13.487 [info] networkstatus_check_consensus_signature(): Looks like

we need to download a new certificate from authority 'gabelmoo' at 88.198.7.215

:80 (contact 1024D/F7C11265 Karsten Loesing <karsten dot loesing AT gmx dot net>
; identity EAA879B5C75032E462CB018630D2D0DF46EBA606)
Feb 20 17:49:13.487 [warn] 0 unknown, 5 missing key, 1 good, 0 bad, 0 no signatu
re, 4 required
Feb 20 17:49:13.487 [notice] Not enough certificates to check networkstatus cons
ensus
Feb 20 17:49:13.488 [info] read_file_to_str(): Could not open "moria1/unverified
-consensus": No such file or directory
Feb 20 17:49:13.488 [info] read_file_to_str(): Could not open "/usr/local/share/
tor/fallback-consensus": No such file or directory
Feb 20 17:49:13.488 [notice] We're missing a certificate from authority with sig
ning key 783A368067E26CDD64205EFCF1C5066B5F55EDCB: launching request.
Feb 20 17:49:13.489 [notice] We're missing a certificate from authority with sig
ning key 250A21E163A25851BB574E80DC4E41AE86F60C89: launching request.
Feb 20 17:49:13.489 [notice] We're missing a certificate from authority with sig
ning key F0A23AD304A0CFF4C27B3D0AE23468FBDD4E88F0: launching request.
Feb 20 17:49:13.489 [notice] We're missing a certificate from authority with sig
ning key DAB9DC29E8CFEEEAF8F47F1DE144E2A2F89C4128: launching request.
Feb 20 17:49:13.489 [notice] We're missing a certificate from authority with sig
ning key 2A9EABF158D0D4BFFA6C4A8EDC84A4F6487FCE9B: launching request.
Feb 20 17:49:13.489 [info] router_pick_directory_server(): No reachable router e
ntries for dirservers. Trying them all again.
Feb 20 17:49:13.489 [info] router_pick_directory_server(): Still no reachable ro
uter entries. Reloading and trying again.
Feb 20 17:49:13.490 [debug] router_parse_list_from_string(): Read router 'DasGru
ndgesetz', purpose 'general'
...
Feb 20 17:49:15.274 [debug] router_parse_list_from_string(): Read router 'sunfis
h', purpose 'general'
Feb 20 17:49:15.274 [info] router_load_routers_from_string(): 7744 elements to a
dd
Feb 20 17:49:15.274 [debug] dirserv_get_status_impl(): 1607 fingerprints, 1619 d
igests known.
Feb 20 17:49:15.274 [debug] dirserv_get_status_impl(): Good fingerprint for 'Das
Grundgesetz'
...
Feb 20 17:49:17.630 [info] router_rebuild_store(): Rebuilding extra-info documen
ts cache
Feb 20 17:49:17.638 [info] router_rebuild_store(): Reconstructing pointers into
cache
Feb 20 17:49:17.666 [info] directory_get_from_dirserver(): No router found for a
uthority cert fetch; falling back to dirserver list.
...

comment:4 Changed 12 years ago by arma

(Above is running r13629, and started with all 6 certs in its cached-certs file.)

comment:5 Changed 12 years ago by arma

I just deleted moria1/cached-certs, and it shows similar loading lines:

Feb 20 18:12:00.762 [info] init_keys(): adding my own v3 cert
Feb 20 18:12:00.762 [debug] trusted_dirs_load_certs_from_string(): Parsed certif
icate for moria1
Feb 20 18:12:00.762 [info] trusted_dirs_load_certs_from_string(): Adding downloa
ded certificate for directory authority moria1 with signing key CCB7170F6B270B44
301712DD7BC04BF9515AF374
Feb 20 18:12:00.763 [debug] mp_pool_new(): Capacity is 248, item size is 528, al
loc size is 130944
Feb 20 18:12:00.763 [debug] authority_cert_parse_from_string(): We already check
ed the signature on this certificate; no need to do so again.
Feb 20 18:12:00.763 [debug] trusted_dirs_load_certs_from_string(): Parsed certif
icate for moria1
Feb 20 18:12:00.763 [info] trusted_dirs_load_certs_from_string(): Skipping cache
d certificate for moria1 that we already have.

comment:6 Changed 12 years ago by nickm

Should be fixed in r13630.

comment:7 Changed 12 years ago by nickm

arma confirms fix. closing.

comment:8 Changed 12 years ago by nickm

flyspray2trac: bug closed.

comment:9 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.