authorNick Mathewson <nickm@torproject.org>2018-01-26 13:55:25 -0500
committerNick Mathewson <nickm@torproject.org>2018-01-26 13:55:25 -0500
commitee5c624bebbc8e823ed49fe563fd56294fb226d4 (patch)
tree173f584f3f03e6d62000dd0583b9b5f6521c069f /src/or/hs_client.c
parent6ba2881aec7299fb486ab0f821c4f2ddcc88190e (diff)
When a tor_cert_T check fails, log the reason why.
Diagnostic attempt for 24972.
Diffstat (limited to 'src/or/hs_client.c')
-rw-r--r--src/or/hs_client.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 9ac653c721..551cf50554 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -1229,10 +1229,12 @@ hs_client_decode_descriptor(const char *desc_str,
/* Make sure the descriptor signing key cross certifies with the computed
* blinded key. Without this validation, anyone knowing the subcredential
* and onion address can forge a descriptor. */
- if (tor_cert_checksig((*desc)->plaintext_data.signing_key_cert,
+ tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
+ if (tor_cert_checksig(cert,
&blinded_pubkey, approx_time()) < 0) {
log_warn(LD_GENERAL, "Descriptor signing key certificate signature "
- "doesn't validate with computed blinded key.");
+ "doesn't validate with computed blinded key: %s",
+ tor_cert_describe_signature_status(cert));
goto err;
}
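Review bot: The `%s` added to the log_warn call is only safe if `tor_cert_describe_signature_status(cert)` never returns NULL and if it reports the state left on `cert` by the `tor_cert_checksig` call just above; the helper is defined outside this file's diff, so neither can be confirmed from here. I would record that coupling where `cert` is declared, for example `/* Local alias: the failure log reads the status tor_cert_checksig() records on this cert. */`, so a later refactor does not move the describe call ahead of the check or swap in a different cert pointer. The body of hs_client_decode_descriptor starts and ends outside the hunk, so whether `signing_key_cert` can be NULL at this point is also not visible.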