Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #4370
Closed (moved) (moved)
Open
Created Nov 01, 2011 by Roger Dingledine@arma

If the CERTS cell contains a cert with a scary time, don't warn unless it's from an authority

At the bottom of command_process_netinfo_cell() we have some logic, when we hear a scary time from a netinfo cell, to check:

    if (router_digest_is_trusted_dir(conn->identity_digest))
      severity = LOG_WARN;
    else
      severity = LOG_INFO;

We should repeat that logic when we get a scary time from a CERTS cell. Turns out those scary times (off by an hour or more) are reasonably common.

If you're quick, you can reproduce by running your Tor with "entrynode 0xABCD":

Nov 01 04:30:45.000 [debug] connection_or_process_cells_from_inbuf(): 14: starting, inbuf_datalen 1444 (0 pending in tls object).
Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock set incorrectly?
Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov  1 12:15:08 2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45 2011 GMT.)
Nov 01 04:30:45.000 [info] command_process_cert_cell(): Received a bad CERT cell from 120.50.40.184:9001: The link certificate was not valid
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking