diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-08-10 20:02:03 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-11-03 08:37:22 -0400 |
| commit | 0b4221f98dbb93c9322e7a778f04bcbcfcc79738 (patch) | |
| tree | 7bae3403a060841faa121ecab87aff4b9cf86e52 /src/or/torcert.c | |
| parent | e3c825372180be00aff9c8e5cde60ea36d141f8c (diff) | |
| download | tor-0b4221f98dbb93c9322e7a778f04bcbcfcc79738.tar.gz tor-0b4221f98dbb93c9322e7a778f04bcbcfcc79738.zip | |
Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
Diffstat (limited to 'src/or/torcert.c')
| -rw-r--r-- | src/or/torcert.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/or/torcert.c b/src/or/torcert.c index 94382f6e64..b7ed7f8083 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -431,7 +431,8 @@ or_handshake_certs_free(or_handshake_certs_t *certs) int or_handshake_certs_rsa_ok(int severity, or_handshake_certs_t *certs, - tor_tls_t *tls) + tor_tls_t *tls, + time_t now) { tor_x509_cert_t *link_cert = certs->link_cert; tor_x509_cert_t *auth_cert = certs->auth_cert; @@ -442,17 +443,19 @@ or_handshake_certs_rsa_ok(int severity, ERR("The certs we wanted were missing"); if (! tor_tls_cert_matches_key(tls, link_cert)) ERR("The link certificate didn't match the TLS public key"); - if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0)) + if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, now, 0)) ERR("The link certificate was not valid"); - if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1)) + if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, now, 1)) ERR("The ID certificate was not valid"); } else { if (! (id_cert && auth_cert)) ERR("The certs we wanted were missing"); - /* Remember these certificates so we can check an AUTHENTICATE cell */ - if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1)) + /* Remember these certificates so we can check an AUTHENTICATE cell + * XXXX make sure we do that + */ + if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, now, 1)) ERR("The authentication certificate was not valid"); - if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1)) + if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, now, 1)) ERR("The ID certificate was not valid"); } |