Merge branch 'maint-0.3.2'

1 files changed, 8 insertions, 3 deletions

diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index af230f07bf..1933aaf4b6 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -536,7 +536,8 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     bad_cert = 1;
   } else if (signing_key &&
              tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
-    tor_log(severity, LD_OR, "Can't check certificate");
+    tor_log(severity, LD_OR, "Can't check certificate: %s",
+            tor_cert_describe_signature_status(cert));
     bad_cert = 1;
   } else if (cert->cert_expired) {
     tor_log(severity, LD_OR, "Certificate is expired");
@@ -872,8 +873,12 @@ load_ed_keys(const or_options_t *options, time_t now)
     if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey))
       FAIL("The signing cert we have was not signed with the master key "
            "we loaded!");
-    if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0)
-      FAIL("The signing cert we loaded was not signed correctly!");
+    if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0) {
+      log_warn(LD_OR, "The signing cert we loaded was not signed "
+               "correctly: %s!",
+               tor_cert_describe_signature_status(sign_cert));
+      goto err;
+    }
   }
 
   if (want_new_signing_key && sign_signing_key_with_id) {