author | Nick Mathewson <nickm@torproject.org> | 2013-11-14 09:37:41 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-11-14 09:37:41 -0500 |
commit | f6e07c158f3d161e570e34ab6f4ca75f351df3a6 (patch) | |
tree | c7fa2e2e3c43da750fd798ef166bdd08c2d6ff00 /src/or/routerparse.c | |
parent | a82b18f2168ce19e0637740fed5746d6daac4e3a (diff) | |
Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha. All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.
The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
Diffstat (limited to 'src/or/routerparse.c')
-rw-r--r-- | src/or/routerparse.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 890d59660a..86917520cd 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -386,7 +386,7 @@ static token_rule_t dir_footer_token_table[] = {
 T1("dir-key-published",K_DIR_KEY_PUBLISHED, CONCAT_ARGS, NO_OBJ), \
 T1("dir-key-expires", K_DIR_KEY_EXPIRES, CONCAT_ARGS, NO_OBJ), \
 T1("dir-signing-key", K_DIR_SIGNING_KEY, NO_ARGS, NEED_KEY ),\
- T01("dir-key-crosscert", K_DIR_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),\
+ T1("dir-key-crosscert", K_DIR_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),\
 T1("dir-key-certification", K_DIR_KEY_CERTIFICATION, \
 NO_ARGS, NEED_OBJ), \
 T01("dir-address", K_DIR_ADDRESS, GE(1), NO_OBJ),
@@ -1728,7 +1728,6 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
 log_debug(LD_DIR, "We already checked the signature on this "
 "certificate; no need to do so again.");
 found = 1;
- cert->is_cross_certified = old_cert->is_cross_certified;
 }
 }
 if (!found) {
@@ -1737,18 +1736,16 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
 goto err;
 }
- if ((tok = find_opt_by_keyword(tokens, K_DIR_KEY_CROSSCERT))) {
- /* XXXX Once all authorities generate cross-certified certificates,
- * make this field mandatory. */
- if (check_signature_token(cert->cache_info.identity_digest,
- DIGEST_LEN,
- tok,
- cert->signing_key,
- CST_NO_CHECK_OBJTYPE,
- "key cross-certification")) {
- goto err;
- }
- cert->is_cross_certified = 1;
+ tok = find_by_keyword(tokens, K_DIR_KEY_CROSSCERT);
+ /* XXXX Once all authorities generate cross-certified certificates,
+ * make this field mandatory. */
+ if (check_signature_token(cert->cache_info.identity_digest,
+ DIGEST_LEN,
+ tok,
+ cert->signing_key,
+ CST_NO_CHECK_OBJTYPE,
+ "key cross-certification")) {
+ goto err;
 }
 } |
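Review bot: The comment re-added in the last hunk, `/* XXXX Once all authorities generate cross-certified certificates, make this field mandatory. */`, is stale because this commit is the change it asks for; I would replace it with something like `/* The cross-certificate is mandatory (proposal 157): the signing key must sign the identity digest. */`. The new `tok = find_by_keyword(tokens, K_DIR_KEY_CROSSCERT);` is used without a NULL check, so it appears to rely on the `T1` rule from the first hunk rejecting certificates that lack the element before this point; a one-line comment saying so would keep the table entry and the lookup from drifting apart. The check still passes `CST_NO_CHECK_OBJTYPE`, so the object's type label is not validated, and it is worth confirming that this leniency is still intended now that the element is required. The enclosing block (apparently `if (!found)`) and the function itself start outside the hunk.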