diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-08-10 11:04:53 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-08-19 13:36:51 -0400 |
| commit | 426ef9c8eb1d88914ebff544d6704d5c6de23ba1 (patch) | |
| tree | 46fd067cdb1ea35f864c2fc01390a79b2ec0fa75 /src/or/routerkeys.c | |
| parent | c88a8a7ca38e3dd43dca913fbe22aee819420c4a (diff) | |
| download | tor-426ef9c8eb1d88914ebff544d6704d5c6de23ba1.tar.gz tor-426ef9c8eb1d88914ebff544d6704d5c6de23ba1.zip | |
More log messages for keygen problems
Diffstat (limited to 'src/or/routerkeys.c')
| -rw-r--r-- | src/or/routerkeys.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 025fa6f514..80b26e6bf8 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -246,6 +246,9 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted, * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys * from disk _other than their absence_ (full or partial), we do not try to * replace them. + * + * If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures + * refer to the --keygen option. */ ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, @@ -358,8 +361,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags, /* If we have a secret key and we're reloading the public key, * the key must match! */ if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) { - tor_log(severity, LD_OR, "%s does not match %s!", - public_fname, loaded_secret_fname); + tor_log(severity, LD_OR, "%s does not match %s! If you are trying " + "to restore from backup, make sure you didn't mix up the " + "key files. If you are absolutely sure that %s is the right " + "key for this relay, delete %s or move it out of the way.", + public_fname, loaded_secret_fname, + loaded_secret_fname, public_fname); goto err; } } else { @@ -389,11 +396,17 @@ ed_key_init_from_file(const char *fname, uint32_t flags, !(flags & INIT_ED_KEY_MISSING_SECRET_OK)) { if (have_encrypted_secret_file) { tor_log(severity, LD_OR, "We needed to load a secret key from %s, " - "but it was encrypted. Try tor --keygen instead.", + "but it was encrypted. Try 'tor --keygen' instead, so you " + "can enter the passphrase.", secret_fname); } else { tor_log(severity, LD_OR, "We needed to load a secret key from %s, " - "but couldn't find it.", secret_fname); + "but couldn't find it. %s", secret_fname, + (flags & INIT_ED_KEY_SUGGEST_KEYGEN) ? + "If you're keeping your master secret key offline, you will " + "need to run 'tor --keygen' to generate new signing keys." : + "Did you forget to copy it over when you copied the rest of the " + "signing key material?"); } goto err; } |