Fix code for checking expired certificates on load

Fixes CID 1306915, which noticed that the check was dead.
author: Nick Mathewson <nickm@torproject.org> 2015-09-01 09:47:51 -0400
committer: Nick Mathewson <nickm@torproject.org> 2015-09-01 09:47:51 -0400
commit: f64ef65b9d3297d2b039f1bec71192e0b73cd83b (patch)
tree: 8e39c696c7ab65f39d9dc15e97f57a03e571196d /src/or/routerkeys.c
parent: 53c99cce5ecf1d9df9245fc91f7c11ee73295293 (diff)
download: tor-f64ef65b9d3297d2b039f1bec71192e0b73cd83b.tar.gz
tor-f64ef65b9d3297d2b039f1bec71192e0b73cd83b.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 80b26e6bf8..1bf09515c8 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -482,10 +482,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     tor_log(severity, LD_OR, "Cert was for wrong key");
     bad_cert = 1;
   } else if (signing_key &&
-             tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
-             (signing_key || cert->cert_expired)) {
+             tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
     tor_log(severity, LD_OR, "Can't check certificate");
     bad_cert = 1;
+  } else if (cert->cert_expired) {
+    tor_log(severity, LD_OR, "Certificate is expired");
+    bad_cert = 1;
   } else if (signing_key && cert->signing_key_included &&
              ! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
     tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");
author	Nick Mathewson <nickm@torproject.org>	2015-09-01 09:47:51 -0400
committer	Nick Mathewson <nickm@torproject.org>	2015-09-01 09:47:51 -0400
commit	f64ef65b9d3297d2b039f1bec71192e0b73cd83b (patch)
tree	8e39c696c7ab65f39d9dc15e97f57a03e571196d /src/or/routerkeys.c
parent	53c99cce5ecf1d9df9245fc91f7c11ee73295293 (diff)
download	tor-f64ef65b9d3297d2b039f1bec71192e0b73cd83b.tar.gz tor-f64ef65b9d3297d2b039f1bec71192e0b73cd83b.zip