diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-10-08 08:32:00 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-05-28 10:41:49 -0400 |
| commit | 592a43910706a67048c7d05e45d35dc79712820a (patch) | |
| tree | be4ae3a131e54248a845bea08e9d3c688bec3ce6 /src/or/router.c | |
| parent | eacbe03c71a9ddc7c3745ef8da88580a60021201 (diff) | |
| download | tor-592a43910706a67048c7d05e45d35dc79712820a.tar.gz tor-592a43910706a67048c7d05e45d35dc79712820a.zip | |
Tie key-pinning logic into directory authority operation
With this patch:
* Authorities load the key-pinning log at startup.
* Authorities open a key-pinning log for writing at startup.
* Authorities reject any router with an ed25519 key where they have
previously seen that ed25519 key with a different RSA key, or vice
versa.
* Authorities warn about, but *do not* reject, RSA-only descriptors
when the RSA key has previously gone along with an Ed25519 key.
(We should make this a 'reject' too, but we can't do that until we're
sure there's no legit reason to downgrade to 0.2.5.)
Diffstat (limited to 'src/or/router.c')
| -rw-r--r-- | src/or/router.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/or/router.c b/src/or/router.c index 97c2b8398d..242ec055c6 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -2343,7 +2343,8 @@ router_dump_router_to_string(routerinfo_t *router, !ed25519_pubkey_eq(&router->signing_key_cert->signed_key, &signing_keypair->pubkey)) { log_warn(LD_BUG, "Tried to sign a router descriptor with a mismatched " - "ed25519 key chain"); + "ed25519 key chain %d", + router->signing_key_cert->signing_key_included); goto err; } } |