diff options
| author | Roger Dingledine <arma@torproject.org> | 2003-10-18 06:48:46 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2003-10-18 06:48:46 +0000 |
| commit | 61e180ceb1bf71f00903c671a82c9d04ae80a7cc (patch) | |
| tree | b8a3bdb40794e210db5d59b2e841c1b260fcd41a | |
| parent | a73a3a21f78498a73b91c5813a7eb58dc62c8ae2 (diff) | |
| download | tor-61e180ceb1bf71f00903c671a82c9d04ae80a7cc.tar.gz tor-61e180ceb1bf71f00903c671a82c9d04ae80a7cc.zip | |
start to track down the 'peer has invalid cert' bug
svn:r623
| -rw-r--r-- | src/common/tortls.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 5c65d59981..5882e0c786 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -463,22 +463,32 @@ tor_tls_verify(tor_tls *tls) return NULL; now = time(NULL); - if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0) + if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0) { + log_fn(LOG_WARN,"X509_get_notBefore(cert) is in the future"); goto done; - if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0) + } + if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0) { + log_fn(LOG_WARN,"X509_get_notAfter(cert) is in the past"); goto done; + } /* Get the public key. */ - if (!(pkey = X509_get_pubkey(cert))) + if (!(pkey = X509_get_pubkey(cert))) { + log_fn(LOG_WARN,"X509_get_pubkey returned null"); goto done; - if (X509_verify(cert, pkey) <= 0) + } + if (X509_verify(cert, pkey) <= 0) { + log_fn(LOG_WARN,"X509_verify on cert and pkey returned <= 0"); goto done; + } rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); pkey = NULL; - if (!rsa) + if (!rsa) { + log_fn(LOG_WARN,"EVP_PKEY_get1_RSA(pkey) returned null"); goto done; + } r = _crypto_new_pk_env_rsa(rsa); rsa = NULL; |