Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Roger Dingledine@arma

If the CERTS cell contains a cert with a scary time, don't warn unless it's from an authority

At the bottom of command_process_netinfo_cell() we have some logic, when we hear a scary time from a netinfo cell, to check:

    if (router_digest_is_trusted_dir(conn->identity_digest))
      severity = LOG_WARN;
    else
      severity = LOG_INFO;

We should repeat that logic when we get a scary time from a CERTS cell. Turns out those scary times (off by an hour or more) are reasonably common.

If you're quick, you can reproduce by running your Tor with "entrynode 0xABCD":

Nov 01 04:30:45.000 [debug] connection_or_process_cells_from_inbuf(): 14: starting, inbuf_datalen 1444 (0 pending in tls object).
Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock set incorrectly?
Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov  1 12:15:08 2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45 2011 GMT.)
Nov 01 04:30:45.000 [info] command_process_cert_cell(): Received a bad CERT cell from 120.50.40.184:9001: The link certificate was not valid
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information