nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 05:26:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
a9be768959
tor/changes/bug22460_case1
Nick Mathewson a9be768959 Bugfix: Regenerate more certificates when appropriate 
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it.  Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate.  In both cases, the resulting
inconsistency would make other relays reject our link handshakes.

Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-05-31 18:45:35 -04:00

11 lines
495 B
Plaintext
Raw Blame History

o Major bugfixes (relays, key management):
- Regenerate link and authentication certificates whenever the key that
signs them changes; also, regenerate link certificates whenever the
signed key changes. Previously, these processes were only weakly
coupled, and we relays could (for minutes to hours) wind up with an
inconsistent set of keys and certificates, which other relays
would not accept. Fixes two cases of bug 22460; bugfix on
0.3.0.1-alpha.
Reference in New Issue View Git Blame Copy Permalink