Merge remote-tracking branch 'ffmancera-1/bug20522'

Nick Mathewson 7 years ago
parent
commit
9ece027d60
2 changed files with 11 additions and 4 deletions
  1. 6 0
      changes/ticket20522
  2. 5 4
      src/or/dirserv.c

+ 6 - 0
changes/ticket20522

@@ -0,0 +1,6 @@
+  o Deprecated features:
+    - As we are not recommending 0.2.5 anymore we require relays that once had
+      an ed25519 key associated with their RSA key to always have that key
+      instead of allowing them to drop back to a version that didn't support
+      ed25519. This means they need to use a new RSA key if the want to
+      downgrade to an older version of tor without ed25519. Closes ticket 20522.
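Review bot: Typo in the fifth added line: "if the want to downgrade" should read "if they want to downgrade". The entry is also filed under "Deprecated features", but what it describes is a requirement that is now enforced on relays (keep the ed25519 key once it has been associated with the RSA key), so a heading that signals a behaviour change for relay operators would be easier to find. It would also help operators to say what happens to a relay that does drop its ed25519 key while keeping the old RSA key, since the text only says what they "need to" do.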

+ 5 - 4
src/or/dirserv.c

@@ -259,11 +259,12 @@ dirserv_load_fingerprint_file(void)
  * identity to stop doing so.  This is going to be essential for good identity
  * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
  * just sign fake descriptors missing the Ed25519 key.  But we won't actually
- * be able to prevent that kind of thing until we're confident that there
- * isn't actually a legit reason to downgrade to 0.2.5.  So for now, we have
- * to leave this #undef.
+ * be able to prevent that kind of thing until we're confident that there isn't
+ * actually a legit reason to downgrade to 0.2.5.  Now we are not recommending
+ * 0.2.5 anymore so there is no reason to keep the #undef.
  */
-#undef DISABLE_DISABLING_ED25519
+
+#define DISABLE_DISABLING_ED25519
 
 /** Check whether <b>router</b> has a nickname/identity key combination that
  * we recognize from the fingerprint list, or an IP we automatically act on
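Review bot: The rewritten comment still reads as history rather than as a description of the code. It says "we won't actually be able to prevent that kind of thing until we're confident..." and then refers to "the #undef", which no longer exists once this lands. Anyone reading dirserv.c afterwards sees a `#define DISABLE_DISABLING_ED25519` under a comment about an `#undef`. Suggest stating the current behaviour directly: the macro is defined because 0.2.5 is no longer recommended, so a relay that once advertised an Ed25519 identity may not stop doing so. The security rationale about RSA-1024 can stay as is. The added blank line between the closing `*/` and the `#define` also detaches the comment from the macro it documents; dropping it keeps the two together.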