bugfix: only require the correct key if the nickname is for

a verified router


svn:r2084

1 files changed, 2 insertions, 1 deletions

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index bf9975d95e..4c07f1bec0 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -309,7 +309,8 @@ connection_tls_finish_handshake(connection_t *conn) {
   crypto_free_pk_env(identity_rcvd);
 
   router = router_get_by_nickname(nickname);
-  if(router && /* we know this nickname; make sure it's the right guy */
+  if(router && /* we know this nickname */
+     router->is_verified && /* make sure it's the right guy */
      memcmp(digest_rcvd, router->identity_digest, DIGEST_LEN) != 0) {
     log_fn(LOG_WARN, "Identity key not as expected for %s", nickname);
     return -1;