nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

stop checking for clock skew, even for servers.

Browse Source 
this means we are vulnerable to an attack where somebody recovers
and uses a really old certificate. however, if they do that, they
probably can get our identity key just as easily.


svn:r3241
This commit is contained in:
Roger Dingledine 2005-01-03 17:10:32 +00:00
parent fdf8c55f30
commit 70075933c6
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/or/connection_or.c
View File

@ -391,6 +391,7 @@ connection_tls_finish_handshake(connection_t *conn) {
log_fn(LOG_WARN, "Identity key not as expected for router claiming to be '%s' (%s:%d) ", nickname, conn->address, conn->port);
return -1;
}
#if 0
if (router_get_by_digest(digest_rcvd)) {
/* This is a known router; don't cut it slack with its clock skew. */
if (tor_tls_check_lifetime(conn->tls, TIGHT_CERT_ALLOW_SKEW)<0) {
@ -399,6 +400,7 @@ connection_tls_finish_handshake(connection_t *conn) {
return -1;
}
}
#endif
if (connection_or_nonopen_was_started_here(conn)) {
/* I initiated this connection. */