Opened 11 years ago

Last modified 7 years ago

#851 closed defect (Fixed)

Authorities and clients don't mind expiry of v3 certificates

Reported by: karsten Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version: 0.2.1.5-alpha
Severity: Keywords:
Cc: karsten Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The certificate of ides has expired on 2008-11-07 09:00:50, but the
authority continues signing the consensus and clients continue believing in
it:

0 unknown, 0 missing key, 6 good, 0 bad, 0 no signature, 4 required

Although dir-spec.txt does not specifically state whether authorities and
clients should behave differently, it says:

Authorities MUST generate a new signing key and corresponding
certificate before the key expires.

The current behavior should be changed so that a) authorities don't sign
the consensus with a known expired signing key, and b) clients should
check whether a certificate is still valid when validating a consensus.

Brought to attention by miner.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Attachments (1)

expired-cert-patch.txt (1.5 KB) - added by karsten 11 years ago.
Patch

Download all attachments as: .zip

Change History (3)

Changed 11 years ago by karsten

Attachment: expired-cert-patch.txt added

Patch

comment:1 Changed 11 years ago by karsten

flyspray2trac: bug closed.
some of r17208--r17214

comment:2 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.