Merge branch 'maint-0.3.2'

author: Nick Mathewson <nickm@torproject.org> 2017-12-20 11:19:23 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-12-20 11:19:23 -0500
commit: a499be33b88d390223581d49c3f3d90e00bf5d6d (patch)
tree: 961e1d01c1bd3be13c1a83abaa4e234e30ac8383 /src/common/tortls.c
parent: 7ca0a9c4aec374f5fbddc7847c543c5ba9e44869 (diff)
parent: 565ec6100f8cb7e0f688537f7d6861aa03d83bf6 (diff)
download: tor-a499be33b88d390223581d49c3f3d90e00bf5d6d.tar.gz
tor-a499be33b88d390223581d49c3f3d90e00bf5d6d.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 407603248f..86a876780a 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -491,11 +491,14 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
    * the past. */
   const time_t min_real_lifetime = 24*3600;
   const time_t start_granularity = 24*3600;
-  time_t earliest_start_time = now - cert_lifetime + min_real_lifetime
-    + start_granularity;
+  time_t earliest_start_time;
   /* Don't actually start in the future! */
-  if (earliest_start_time >= now)
+  if (cert_lifetime <= min_real_lifetime + start_granularity) {
     earliest_start_time = now - 1;
+  } else {
+    earliest_start_time = now + min_real_lifetime + start_granularity
+      - cert_lifetime;
+  }
   start_time = crypto_rand_time_range(earliest_start_time, now);
   /* Round the start time back to the start of a day. */
   start_time -= start_time % start_granularity;
author	Nick Mathewson <nickm@torproject.org>	2017-12-20 11:19:23 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-12-20 11:19:23 -0500
commit	a499be33b88d390223581d49c3f3d90e00bf5d6d (patch)
tree	961e1d01c1bd3be13c1a83abaa4e234e30ac8383 /src/common/tortls.c
parent	7ca0a9c4aec374f5fbddc7847c543c5ba9e44869 (diff)
parent	565ec6100f8cb7e0f688537f7d6861aa03d83bf6 (diff)
download	tor-a499be33b88d390223581d49c3f3d90e00bf5d6d.tar.gz tor-a499be33b88d390223581d49c3f3d90e00bf5d6d.zip