author | Nick Mathewson <nickm@torproject.org> | 2018-01-26 13:55:25 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-01-26 13:55:25 -0500 |
commit | ee5c624bebbc8e823ed49fe563fd56294fb226d4 (patch) | |
tree | 173f584f3f03e6d62000dd0583b9b5f6521c069f /src/or/routerkeys.c | |
parent | 6ba2881aec7299fb486ab0f821c4f2ddcc88190e (diff) | |
When a tor_cert_T check fails, log the reason why.
Diagnostic attempt for 24972.
Diffstat (limited to 'src/or/routerkeys.c')
-rw-r--r-- | src/or/routerkeys.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 7295c19653..f0973044b5 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -536,7 +536,8 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
 bad_cert = 1;
 } else if (signing_key &&
 tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
- tor_log(severity, LD_OR, "Can't check certificate");
+ tor_log(severity, LD_OR, "Can't check certificate: %s",
+ tor_cert_describe_signature_status(cert));
 bad_cert = 1;
 } else if (cert->cert_expired) {
 tor_log(severity, LD_OR, "Certificate is expired");
@@ -883,8 +884,12 @@ load_ed_keys(const or_options_t *options, time_t now)
 if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey))
 FAIL("The signing cert we have was not signed with the master key "
 "we loaded!");
- if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0)
- FAIL("The signing cert we loaded was not signed correctly!");
+ if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0) {
+ log_warn(LD_OR, "The signing cert we loaded was not signed "
+ "correctly: %s!",
+ tor_cert_describe_signature_status(sign_cert));
+ goto err;
+ }
 }
 if (want_new_signing_key && sign_signing_key_with_id) { |
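Review bot: The new message in the `tor_cert_checksig` branch of ed_key_init_from_file says why the check failed but still not which certificate failed, so an operator reading the log cannot tell which key file to inspect. `fname` is a parameter of the function (visible in the hunk header), so something like `"Can't check certificate for %s: %s", fname, tor_cert_describe_signature_status(cert)` would close that gap, assuming that name is acceptable to log at this severity. If the surrounding code already holds a more specific name for the certificate file, that would be the better argument. The same applies to the neighbouring "Certificate is expired" message, and the function body starts and ends outside the hunk.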
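Review bot: The replacement for the second FAIL() in load_ed_keys open-codes `log_warn` plus `goto err` with no comment, which reads as an inconsistency next to the FAIL() call just above it. FAIL's definition is outside the hunk; presumably it accepts only a fixed string, and a one-line comment such as `/* FAIL() can't take format arguments, so log and bail out by hand. */` would keep a later cleanup from folding this back into FAIL() and losing the reason. The format string also ends in `%s!`, which puts the exclamation mark after the status text; `"correctly: %s"` reads more cleanly in the log. The function continues beyond the hunk.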