#22460: Link handshake trouble: certificates and keys can get out of sync -------------------------------------------------+------------------------- Reporter: teor | Owner: Type: defect | Status: | needs_revision Priority: High | Milestone: Tor: | 0.3.1.x-final Component: Core Tor/Tor | Version: Severity: Major | Resolution: Keywords: tor-relay certs handshake ed25519 | Actual Points: 1 needs-analysis 030-backport 029-backport | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by nickm): Thanks for the reviews! Except as noted, I've made the requested changes. George, you successfully found a major bug in the "bug22460_case2_029_01" branch: I should have been calling SSL_get_certificate(), not SSL_get_peer_certificate(). Replying to [comment:33 dgoulet]: > Second thing, maybe `tor_x509_cert_dup()` should be unit test only for now? It's dead code if no unit tests. Good catch. If you don't mind, I'd like to leave it in: there are a few other places where we should be using it IIRC where we have silly kludges instead. Replying to [comment:34 asn]: > Are we sure that there is no chance we will leave own_link_cert uninitialized? Take another look at add_ed25519_cert(): it is a no-op if cert is NULL. I'll update the documentation comment to make the behavior explicit, and add a tor_assert_nonfatal(). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:35> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs