View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005472 | GNUnet | GNS | public | 2018-11-06 12:00 | 2019-02-28 11:17 |
| Reporter | schanzen | Assigned To | schanzen | ||
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0 | Fixed in Version | 0.11.0 | ||
| Summary | 0005472: GNS-Proxy and multiple TLSA records | ||||
| Description | while setting up letsencrypt we noticed that if you use TLSA in combination with it we might encounter problems with GNS proxy. First, from looking at the code I think it does not look like that multiple TLSA records are accepted (in fact, only the last record seems to be processed). However, in case server certificates are renewed, the server will use the new certificate usually _before_ the old certificate expires (as is the case with letsencrypt, usually). As far as I can see this problem can _not_ be remedied using shadow records. We must support multiple TLSA records (in the proxy) and the server administrator must make sure that there is a sufficient delay between TLSA record update and the server certificate update. See also: https://dane.sys4.de/common_mistakes, ctrl-f "planned cert". | ||||
| Tags | No tags attached. | ||||
|
|
Should be implemented in 748788145..21eec1db5 -- but I did not test it (lacking automated test case). So please test & report back! |
|
|
It works. I tested it. Test automation is difficult see https://gnunet.org/bugs/view.php?id=5514. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-11-06 12:00 | schanzen | New Issue | |
| 2018-11-12 20:18 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2018-11-12 20:18 | Christian Grothoff | Status | new => assigned |
| 2018-11-12 20:18 | Christian Grothoff | Product Version | => Git master |
| 2018-11-12 20:18 | Christian Grothoff | Target Version | => 0.11.0 |
| 2018-11-12 20:18 | Christian Grothoff | Description Updated | |
| 2018-11-12 20:56 | Christian Grothoff | Note Added: 0013334 | |
| 2018-11-12 20:58 | Christian Grothoff | Assigned To | Christian Grothoff => schanzen |
| 2018-11-12 20:58 | Christian Grothoff | Status | assigned => feedback |
| 2019-01-25 18:49 | schanzen | Note Added: 0013463 | |
| 2019-01-25 18:49 | schanzen | Status | feedback => resolved |
| 2019-01-25 18:49 | schanzen | Resolution | open => fixed |
| 2019-02-20 12:24 | Christian Grothoff | Fixed in Version | => 0.11.0 |
| 2019-02-28 11:17 | Christian Grothoff | Status | resolved => closed |
