spec conformance: allow only one cert of each type

This commit is contained in:
Nick Mathewson 2011-10-05 10:44:22 -04:00
parent e56d7a3809
commit d79ff2ce94

View File

@ -908,14 +908,27 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
"Received undecodable certificate in CERT cell from %s:%d", "Received undecodable certificate in CERT cell from %s:%d",
safe_str(conn->_base.address), conn->_base.port); safe_str(conn->_base.address), conn->_base.port);
} else { } else {
if (cert_type == OR_CERT_TYPE_TLS_LINK && !link_cert) if (cert_type == OR_CERT_TYPE_TLS_LINK) {
if (link_cert) {
tor_cert_free(cert);
ERR("Too many TLS_LINK certificates");
}
link_cert = cert; link_cert = cert;
else if (cert_type == OR_CERT_TYPE_ID_1024 && !id_cert) } else if (cert_type == OR_CERT_TYPE_ID_1024) {
if (id_cert) {
tor_cert_free(cert);
ERR("Too many ID_1024 certificates");
}
id_cert = cert; id_cert = cert;
else if (cert_type == OR_CERT_TYPE_AUTH_1024 && !auth_cert) } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
if (auth_cert) {
tor_cert_free(cert);
ERR("Too many AUTH_1024 certificates");
}
auth_cert = cert; auth_cert = cert;
else } else {
tor_cert_free(cert); tor_cert_free(cert);
}
} }
} }
ptr += 3 + cert_len; ptr += 3 + cert_len;