When a tor_cert_T check fails, log the reason why.

Diagnostic attempt for 24972.
author: Nick Mathewson <nickm@torproject.org> 2018-01-26 13:55:25 -0500
committer: Nick Mathewson <nickm@torproject.org> 2018-01-26 13:55:25 -0500
commit: ee5c624bebbc8e823ed49fe563fd56294fb226d4 (patch)
tree: 173f584f3f03e6d62000dd0583b9b5f6521c069f /src/or/hs_client.c
parent: 6ba2881aec7299fb486ab0f821c4f2ddcc88190e (diff)
download: tor-ee5c624bebbc8e823ed49fe563fd56294fb226d4.tar.gz
tor-ee5c624bebbc8e823ed49fe563fd56294fb226d4.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 9ac653c721..551cf50554 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -1229,10 +1229,12 @@ hs_client_decode_descriptor(const char *desc_str,
   /* Make sure the descriptor signing key cross certifies with the computed
    * blinded key. Without this validation, anyone knowing the subcredential
    * and onion address can forge a descriptor. */
-  if (tor_cert_checksig((*desc)->plaintext_data.signing_key_cert,
+  tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
+  if (tor_cert_checksig(cert,
                         &blinded_pubkey, approx_time()) < 0) {
     log_warn(LD_GENERAL, "Descriptor signing key certificate signature "
-                         "doesn't validate with computed blinded key.");
+             "doesn't validate with computed blinded key: %s",
+             tor_cert_describe_signature_status(cert));
     goto err;
   }
author	Nick Mathewson <nickm@torproject.org>	2018-01-26 13:55:25 -0500
committer	Nick Mathewson <nickm@torproject.org>	2018-01-26 13:55:25 -0500
commit	ee5c624bebbc8e823ed49fe563fd56294fb226d4 (patch)
tree	173f584f3f03e6d62000dd0583b9b5f6521c069f /src/or/hs_client.c
parent	6ba2881aec7299fb486ab0f821c4f2ddcc88190e (diff)
download	tor-ee5c624bebbc8e823ed49fe563fd56294fb226d4.tar.gz tor-ee5c624bebbc8e823ed49fe563fd56294fb226d4.zip