Merge branch 'maint-0.3.2'

author: Nick Mathewson <nickm@torproject.org> 2018-01-31 09:19:55 -0500
committer: Nick Mathewson <nickm@torproject.org> 2018-01-31 09:19:55 -0500
commit: c0447033f5e1032be379b9b78d9085f71fd51bd6 (patch)
tree: 9fc16176eca8ccab792aa9e460ed689e08d10a5c /src/or/hs_client.c
parent: d2ae1bfcb314965fd1ff1353308da0e92a00c958 (diff)
parent: ee5c624bebbc8e823ed49fe563fd56294fb226d4 (diff)
download: tor-c0447033f5e1032be379b9b78d9085f71fd51bd6.tar.gz
tor-c0447033f5e1032be379b9b78d9085f71fd51bd6.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index c863475aff..2999f85d3e 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -1235,10 +1235,12 @@ hs_client_decode_descriptor(const char *desc_str,
   /* Make sure the descriptor signing key cross certifies with the computed
    * blinded key. Without this validation, anyone knowing the subcredential
    * and onion address can forge a descriptor. */
-  if (tor_cert_checksig((*desc)->plaintext_data.signing_key_cert,
+  tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
+  if (tor_cert_checksig(cert,
                         &blinded_pubkey, approx_time()) < 0) {
     log_warn(LD_GENERAL, "Descriptor signing key certificate signature "
-                         "doesn't validate with computed blinded key.");
+             "doesn't validate with computed blinded key: %s",
+             tor_cert_describe_signature_status(cert));
     goto err;
   }
author	Nick Mathewson <nickm@torproject.org>	2018-01-31 09:19:55 -0500
committer	Nick Mathewson <nickm@torproject.org>	2018-01-31 09:19:55 -0500
commit	c0447033f5e1032be379b9b78d9085f71fd51bd6 (patch)
tree	9fc16176eca8ccab792aa9e460ed689e08d10a5c /src/or/hs_client.c
parent	d2ae1bfcb314965fd1ff1353308da0e92a00c958 (diff)
parent	ee5c624bebbc8e823ed49fe563fd56294fb226d4 (diff)
download	tor-c0447033f5e1032be379b9b78d9085f71fd51bd6.tar.gz tor-c0447033f5e1032be379b9b78d9085f71fd51bd6.zip