diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-07-14 11:27:49 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-07-14 11:27:49 -0400 |
| commit | 3fcb74e98b7247f9b35e8a5067bfa915e1705d3e (patch) | |
| tree | ba72630a274da038485a0505a58926d0f14d0144 /src/or/torcert.c | |
| parent | 13603265888d1e34b7a1ab8d83a361c0e9c34684 (diff) | |
| download | tor-3fcb74e98b7247f9b35e8a5067bfa915e1705d3e.tar.gz tor-3fcb74e98b7247f9b35e8a5067bfa915e1705d3e.zip | |
Add more consistency checks in load_ed_keys
Make sure that signing certs are signed by the right identity key,
to prevent a recurrence of #16530. Also make sure that the master
identity key we find on disk matches the one we have in RAM, if we
have one.
This is for #16581.
Diffstat (limited to 'src/or/torcert.c')
| -rw-r--r-- | src/or/torcert.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/or/torcert.c b/src/or/torcert.c index f028910a70..596cd2be31 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -181,9 +181,10 @@ tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, return 0; } -/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to - * the current time <b>now</b>. Return 0 on success, -1 on failure. - * Sets flags in <b>cert</b> as appropriate. +/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to the + * current time <b>now</b>. (If <b>now</b> is 0, do not check the expiration + * time.) Return 0 on success, -1 on failure. Sets flags in <b>cert</b> as + * appropriate. */ int tor_cert_checksig(tor_cert_t *cert, @@ -192,7 +193,7 @@ tor_cert_checksig(tor_cert_t *cert, ed25519_checkable_t checkable; int okay; - if (now > cert->valid_until) { + if (now && now > cert->valid_until) { cert->cert_expired = 1; return -1; } |