Closed
Created Nov 14, 2004 by weasel (Peter Palfrader)@weasel

Certificate rotation sometimes does not happen.

[Moved from bugzilla] Reporter: nickm@alum.mit.edu (Nick Mathewson)

Description: Opened: 2004-06-06 21:54

Sometimes, Mixminion servers become inoperable because they do not rotate their TLS certificates when they expire.

The cause for this bug is unknown. The bug has existed since at least 0.0.6.

You can tell that another server has come down with this bug because your log says something like:

Jun 06 00:55:08.643 -0400 [WARN] Certificate error: Invalid certificate from 'lakshmi' at mixminion.pseudonymity.net:48099 (fd 9): Certificate has expired [at Jun 6 00:05:00 2004 GMT]. Shutting down connection.

There are no such obvious signs on the failing server side, AFAIK.

As a band-aid, I could make TLS certificates get rotated daily, no matter what. (Right now, their rotation interval is tied to packet key rotation.) This is probably the right thing to do, but before I do it, I want to understand why on earth it is happening.

------- Additional Comments From Nick Mathewson 2004-06-23 21:51 -------

Actually, the diagnosis may be completely wrong. Looking at ServerKeys.py, it seems like (by default) certificates only have 5 minutes of sloppiness on either side of their lifetime. Thus, if anybody is skewed by more than 5 minutes, their certificate will be invalid for the amount of their clock skew.

Hm... I'll up the interval for now, but I really need a way to detect relative skew.

------- Additional Comments From Nick Mathewson 2004-08-26 05:12 -------

I think I might have it nailed now -- I changed the code to warn about clock skew when it downloads a directory, bumped up the skew tolerance, and rewrote the event scheduling code to be less clever and more obviously reliable. I also improved the warning messages so we can find out how badly expired certs are expired.

If anybody sees this problem when running CVS code, please let me know.

[Automatically added by flyspray2trac: Operating System: All]
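
An added example (not part of the original report and not Mixminion code): a small model of the interaction described in the 2004-06-23 comment between certificate slop and clock skew, showing when a peer with a skewed clock rejects a certificate the server still considers current. The one-day key period, the sample skews and all function names are assumptions; only the 5-minute slop comes from the comment.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values; only the 5-minute slop comes from the report.
PERIOD_START = datetime(2004, 6, 5, tzinfo=timezone.utc)
PERIOD_END = datetime(2004, 6, 6, tzinfo=timezone.utc)
SLOP = timedelta(minutes=5)


def cert_validity(period_start, period_end, slop):
    """Certificate lifetime: the key period padded by `slop` on both sides."""
    return period_start - slop, period_end + slop


def accepted(not_before, not_after, verifier_now):
    """Peer-side check: the verifier's own clock must fall inside the lifetime."""
    return not_before <= verifier_now <= not_after


def rejection_window(period_start, period_end, slop, skew):
    """Span of true time inside the key period during which a verifier whose
    clock reads (true time + skew) rejects that period's certificate.
    Returns (start, end), or None when the slop absorbs the skew."""
    not_before, not_after = cert_validity(period_start, period_end, slop)
    if skew > slop:
        # Verifier runs fast: the cert looks expired before the server rotates.
        return max(period_start, not_after - skew), period_end
    if skew < -slop:
        # Verifier runs slow: a freshly rotated cert looks not yet valid.
        return period_start, min(period_end, not_before - skew)
    return None


if __name__ == "__main__":
    for minutes in (3, 12, -12):
        window = rejection_window(PERIOD_START, PERIOD_END, SLOP,
                                  timedelta(minutes=minutes))
        print(f"skew {minutes:+d} min -> rejected during {window}")
```

In this model a larger slop shrinks the rejection window to nothing once it exceeds the skew, which is the effect of bumping the tolerance.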
