#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate -------------------------------------------------+------------------------- Reporter: teor | Owner: Type: defect | Status: new Priority: High | Milestone: Tor: | 0.3.1.x-final Component: Core Tor/Tor | Version: Severity: Major | Resolution: Keywords: tor-relay certs handshake ed25519 | Actual Points: needs-analysis 030-backport | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by nickm): The above explanation explains the "At least one Ed25519 certificate was badly signed" thing, and it explains the "Link certificate does not match TLS certificate" thing. I bet that the "The link certificate didn't match the TLS public key" thing is similar, but I'm not sure. More investigation needed. The "Crosscert is expired" case is still mysterious. It looks as if we were passing 0 or -1 to load_ed_keys() for "now", but looking at the code in maint-0.3.0, I don't see how we could actually do that. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:24> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs