author | Nick Mathewson <nickm@torproject.org> | 2004-11-15 04:28:24 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2004-11-15 04:28:24 +0000 |
commit | 930464c88931efa5f98f279343994f96639f69b5 (patch) | |
tree | cc431eae7ed6f43db0d452c9059b8f27118fb657 /src/or/connection_or.c | |
parent | f3650047df5e77e2e2bce07b6a76d643b50f7b16 (diff) | |
Change "warn if unverified routers are very skewed" to "never warn about unverified router skew"
svn:r2885
Diffstat (limited to 'src/or/connection_or.c')
-rw-r--r-- | src/or/connection_or.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index ca3edd536a..d96db8d0d2 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -15,9 +15,6 @@
 /** How much clock skew do we tolerate when checking certificates for
 * known routers? (sec) */
 #define TIGHT_CERT_ALLOW_SKEW (90*60)
-/** How much clock skew do we tolerate when checking certificates for
- * unknown routers/clients? (sec) */
-#define LOOSE_CERT_ALLOW_SKEW (24*60*60)
 static int connection_tls_finish_handshake(connection_t *conn);
 static int connection_or_process_cells_from_inbuf(connection_t *conn);
@@ -369,11 +366,13 @@ connection_tls_finish_handshake(connection_t *conn) {
 nickname, conn->address, conn->port);
 return -1;
 }
+#if 0
 if(tor_tls_check_lifetime(conn->tls, LOOSE_CERT_ALLOW_SKEW)<0) {
- log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a very highly skewed clock, or an expired certificate. Closing.",
+ log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a very highly skewed clock, or an expired certificate. Closing.",
 nickname, conn->address, conn->port);
 return -1;
 }
+#endif
 log_fn(LOG_DEBUG,"The router's cert is valid.");
 crypto_pk_get_digest(identity_rcvd, digest_rcvd);
@@ -394,7 +393,7 @@ connection_tls_finish_handshake(connection_t *conn) {
 if (router_get_by_digest(digest_rcvd)) {
 /* This is a known router; don't cut it slack with its clock skew. */
 if(tor_tls_check_lifetime(conn->tls, TIGHT_CERT_ALLOW_SKEW)<0) {
- log_fn(LOG_WARN,"Router '%s' (%s:%d) has a skewed clock, or an expired certificate. Closing.",
+ log_fn(LOG_WARN,"Router '%s' (%s:%d) has a skewed clock, or an expired certificate; or else our clock is skewed. Closing.",
 nickname, conn->address, conn->port);
 return -1;
 }
|
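Review bot: With the lifetime check compiled out by `#if 0` in the second hunk, a peer that is not in the router list is no longer rejected for an expired certificate, and the `LOG_DEBUG` line "The router's cert is valid." is reached on this path without any lifetime test. Only the known-router branch in the third hunk still calls `tor_tls_check_lifetime`. The commit title speaks of never warning, but the disabled block also did `return -1`, so this changes what is accepted and deserves a comment at the site, for example `/* Deliberately no lifetime check for unverified peers: their clocks may be badly skewed. Known routers are still checked against TIGHT_CERT_ALLOW_SKEW below. */`. The dead block still names `LOOSE_CERT_ALLOW_SKEW`, which the first hunk deletes, so it would not compile if re-enabled; deleting the block outright or keeping the macro avoids that trap. connection_tls_finish_handshake starts and ends outside the hunk, so what the preceding checks validate is not visible here.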