#21420: Link certificate start date in the future --------------------------+------------------------------------ Reporter: mmcloughlin | Owner: nickm Type: defect | Status: needs_review Priority: Medium | Milestone: Tor: 0.3.0.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: 029-backport | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------+------------------------------------
Comment (by arma): I think you're right that commit 0196647 is the problem here. I suspect you're right that fixing the underlying math is the right answer. However, I'm unable to follow the math here: {{{ - start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600; + const time_t min_real_lifetime = 2*24*3600; + time_t earliest_start_time = now - cert_lifetime + min_real_lifetime; + if (earliest_start_time < now) + earliest_start_time = now; + start_time = crypto_rand_time_range(earliest_start_time, now); }}} Maybe some more comments to explain what we're computing, and *why*, would help? Looking at the origin commit, it seems maybe I wanted to say "- 2 days", not "+ 2 days". Would that resolve everything here? Maybe I am deeply confused, but won't {{{ + if (earliest_start_time < now) + earliest_start_time = now; + start_time = crypto_rand_time_range(earliest_start_time, now); }}} trigger the assert in crypto_rand_time_range() that min < max, since we'll be passing it "now, now"? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21420#comment:5> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs