summaryrefslogtreecommitdiff
path: root/src/lib/tls/x509_openssl.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-08-23 14:03:00 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-04 14:52:35 -0400
commit7163389b550a36fa017f700713405fc3c89dc234 (patch)
tree50bafc5964a7a9eac229d3b47635f1bb1050689f /src/lib/tls/x509_openssl.c
parent02086a216f15fd8c45e603a8d9bab482f60753f4 (diff)
downloadtor-7163389b550a36fa017f700713405fc3c89dc234.tar.gz
tor-7163389b550a36fa017f700713405fc3c89dc234.zip
Several unit tests to improve test coverage of x509*.c
Diffstat (limited to 'src/lib/tls/x509_openssl.c')
-rw-r--r--src/lib/tls/x509_openssl.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/tls/x509_openssl.c b/src/lib/tls/x509_openssl.c
index 28a30b66e1..f315b88f36 100644
--- a/src/lib/tls/x509_openssl.c
+++ b/src/lib/tls/x509_openssl.c
@@ -327,11 +327,15 @@ tor_tls_cert_is_valid(int severity,
if (check_rsa_1024 && cert_key) {
RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
#ifdef OPENSSL_1_1_API
- if (rsa && RSA_bits(rsa) == 1024)
+ if (rsa && RSA_bits(rsa) == 1024) {
#else
- if (rsa && BN_num_bits(rsa->n) == 1024)
+ if (rsa && BN_num_bits(rsa->n) == 1024) {
#endif
key_ok = 1;
+ } else {
+ log_fn(severity, LD_CRYPTO, "Invalid certificate: Key is not RSA1024.");
+ }
+
if (rsa)
RSA_free(rsa);
} else if (cert_key) {