summaryrefslogtreecommitdiff
path: root/src/or/dirserv.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2016-11-10 12:41:17 -0500
committerNick Mathewson <nickm@torproject.org>2016-12-08 16:47:59 -0500
commit3d7e485402752d21d01cdf36ae1102d4b013fe85 (patch)
treef6ee25e75c27d05e8c6bf7e353f08039d0d28eb3 /src/or/dirserv.c
parent7daf15217240acefaf2ef802b6d89e04f4e51cae (diff)
downloadtor-3d7e485402752d21d01cdf36ae1102d4b013fe85.tar.gz
tor-3d7e485402752d21d01cdf36ae1102d4b013fe85.zip
Add an option to disable dirauth ed25519 link key checks.
If there is some horrible bug in our ed25519 link authentication code that causes us to label every single ed25519-having node as non-running, we'll be glad we had this. Otherwise we can remove it later.
Diffstat (limited to 'src/or/dirserv.c')
-rw-r--r--src/or/dirserv.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index d060b297a7..0b896a2845 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -3186,7 +3186,8 @@ dirserv_orconn_tls_done(const tor_addr_t *addr,
ri = node->ri;
- if (ri->cache_info.signing_key_cert) {
+ if (get_options()->AuthDirTestEd25519LinkKeys &&
+ ri->cache_info.signing_key_cert) {
/* We allow the node to have an ed25519 key if we haven't been told one in
* the routerinfo, but if we *HAVE* been told one in the routerinfo, it
* needs to match. */
@@ -3256,6 +3257,7 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri,
void
dirserv_single_reachability_test(time_t now, routerinfo_t *router)
{
+ const or_options_t *options = get_options();
channel_t *chan = NULL;
node_t *node = NULL;
tor_addr_t router_addr;
@@ -3266,7 +3268,8 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router)
node = node_get_mutable_by_id(router->cache_info.identity_digest);
tor_assert(node);
- if (node_supports_ed25519_link_authentication(node)) {
+ if (options->AuthDirTestEd25519LinkKeys &&
+ node_supports_ed25519_link_authentication(node)) {
ed_id_key = &router->cache_info.signing_key_cert->signing_key;
} else {
ed_id_key = NULL;