patch from karsten to not use or accept expired certs. fixes bug 851.

svn:r17208
author: Nick Mathewson <nickm@torproject.org> 2008-11-07 13:38:49 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-11-07 13:38:49 +0000
commit: a15bdd3edd2ee922a685b256e4d1f0b6ac8986c0 (patch)
tree: 1d6a50d26adacdfd042b5a51811c945793c55450 /src/or/dirvote.c
parent: 311b8b274c4f2febbb6b695514ac06f2f79e9b51 (diff)
download: tor-a15bdd3edd2ee922a685b256e4d1f0b6ac8986c0.tar.gz
tor-a15bdd3edd2ee922a685b256e4d1f0b6ac8986c0.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 611ee4e704..07bbb159b9 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -1568,6 +1568,7 @@ dirvote_perform_vote(void)
   networkstatus_t *ns;
   char *contents;
   pending_vote_t *pending_vote;
+  time_t now = time(NULL);
 
   int status;
   const char *msg = "";
@@ -1575,6 +1576,9 @@ dirvote_perform_vote(void)
   if (!cert || !key) {
     log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
     return -1;
+  } else if (now < cert->expires) {
+    log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
+    return -1;
   }
   if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
     return -1;
author	Nick Mathewson <nickm@torproject.org>	2008-11-07 13:38:49 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-11-07 13:38:49 +0000
commit	a15bdd3edd2ee922a685b256e4d1f0b6ac8986c0 (patch)
tree	1d6a50d26adacdfd042b5a51811c945793c55450 /src/or/dirvote.c
parent	311b8b274c4f2febbb6b695514ac06f2f79e9b51 (diff)
download	tor-a15bdd3edd2ee922a685b256e4d1f0b6ac8986c0.tar.gz tor-a15bdd3edd2ee922a685b256e4d1f0b6ac8986c0.zip