mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
81c466c34a
Before this commit, we would create the descriptor signing key certificate when first building the descriptor. In some extreme cases, it lead to the expiry of the certificate which triggers a BUG() when encoding the descriptor before uploading. Ticket #27838 details a possible scenario in which this can happen. It is an edge case where tor losts internet connectivity, notices it and closes all circuits. When it came back up, the HS subsystem noticed that it had no introduction circuits, created them and tried to upload the descriptor. However, in the meantime, if tor did lack a live consensus because it is currently seeking to download one, we would consider that we don't need to rotate the descriptors leading to using the expired signing key certificate. That being said, this commit does a bit more to make this process cleaner. There are a series of things that we need to "refresh" before uploading a descriptor: signing key cert, intro points and revision counter. A refresh function is added to deal with all mutable descriptor fields. It in turn simplified a bit the code surrounding the creation of the plaintext data. We keep creating the cert when building the descriptor in order to accomodate the unit tests. However, it is replaced every single time the descriptor is uploaded. Fixes #27838 Signed-off-by: David Goulet <dgoulet@torproject.org>
5 lines
250 B
Plaintext
5 lines
250 B
Plaintext
o Minor bugfixes (hidden service v3):
|
|
- Build the service descriptor signing key certificate before uploading so
|
|
we always have a fresh one leaving no chances for it to expire service
|
|
side. Fixes bug 27838; bugfix on 0.3.2.1-alpha.
|