From 0f79fb51e5653cbc82a0066423c833cafb656542 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 2 Feb 2017 10:35:14 -0500 Subject: [PATCH] dirauth: Fix for calling routers unreachable for wrong ed25519 Previously the dirserv_orconn_tls_done() function would skip routers when they advertised an ed25519 key but didn't present it during the link handshake. But that covers all versions between 0.2.7.2-alpha and 0.2.9.x inclusive! Fixes bug 21107; bugfix on 0.3.0.1-alpha. --- changes/bug21107 | 6 ++++++ src/or/dirserv.c | 1 + 2 files changed, 7 insertions(+) create mode 100644 changes/bug21107 diff --git a/changes/bug21107 b/changes/bug21107 new file mode 100644 index 0000000000..e9e4e788cb --- /dev/null +++ b/changes/bug21107 @@ -0,0 +1,6 @@ + o Major bugfixes (directory authority): + - When deciding whether we have just found a router to be reachable, + do not penalize it for not having performed an Ed25519 link handshake + if it does not claim to support an Ed25519 handshake. Previously, + we would treat such relays as non-running. + Fixes bug 21107; bugfix on 0.2.3.1-alpha. diff --git a/src/or/dirserv.c b/src/or/dirserv.c index d1670bf71a..f62f2d1c2f 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -3191,6 +3191,7 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, ri = node->ri; if (get_options()->AuthDirTestEd25519LinkKeys && + node_supports_ed25519_link_authentication(node) && ri->cache_info.signing_key_cert) { /* We allow the node to have an ed25519 key if we haven't been told one in * the routerinfo, but if we *HAVE* been told one in the routerinfo, it