nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix code for checking expired certificates on load

Browse Source 
Fixes CID 1306915, which noticed that the check was dead.
This commit is contained in:
Nick Mathewson 2015-09-01 09:47:51 -04:00
parent 53c99cce5e
commit f64ef65b9d
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/or/routerkeys.c
View File

@ -482,10 +482,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
tor_log(severity, LD_OR, "Cert was for wrong key");
bad_cert = 1;
} else if (signing_key &&
tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
(signing_key || cert->cert_expired)) {
tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
tor_log(severity, LD_OR, "Can't check certificate");
bad_cert = 1;
} else if (cert->cert_expired) {
tor_log(severity, LD_OR, "Certificate is expired");
bad_cert = 1;
} else if (signing_key && cert->signing_key_included &&
! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");