authorNick Mathewson <nickm@torproject.org>2016-08-10 20:02:03 -0400
committerNick Mathewson <nickm@torproject.org>2016-11-03 08:37:22 -0400
commit0b4221f98dbb93c9322e7a778f04bcbcfcc79738 (patch)
tree7bae3403a060841faa121ecab87aff4b9cf86e52 /src/or
parente3c825372180be00aff9c8e5cde60ea36d141f8c (diff)
downloadtor-0b4221f98dbb93c9322e7a778f04bcbcfcc79738.tar.gz
tor-0b4221f98dbb93c9322e7a778f04bcbcfcc79738.zip
Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be pure functions that don't depend on the current time.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/channeltls.c3
-rw-r--r--src/or/torcert.c15
-rw-r--r--src/or/torcert.h4
3 files changed, 13 insertions, 9 deletions
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index cf57c29afb..9315f80fb8 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1918,7 +1918,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
if (! or_handshake_certs_rsa_ok(severity,
chan->conn->handshake_state->certs,
- chan->conn->tls))
+ chan->conn->tls,
+ time(NULL)))
ERR("Invalid RSA certificates!");
if (chan->conn->handshake_state->started_here) {
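Review bot: The call reads the clock inline with `time(NULL)` in the argument list, so the timestamp used for certificate validity is not visible as a value in channel_tls_process_certs_cell. Now that the checker takes the time as a parameter, a local such as `const time_t now = time(NULL);` taken once near the top would let every validity check made while processing this cell use the same instant. The function body starts and ends outside this hunk, so whether other time-dependent checks exist there cannot be seen from here.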
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 94382f6e64..b7ed7f8083 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -431,7 +431,8 @@ or_handshake_certs_free(or_handshake_certs_t *certs)
int
or_handshake_certs_rsa_ok(int severity,
or_handshake_certs_t *certs,
- tor_tls_t *tls)
+ tor_tls_t *tls,
+ time_t now)
{
tor_x509_cert_t *link_cert = certs->link_cert;
tor_x509_cert_t *auth_cert = certs->auth_cert;
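Review bot: The new `time_t now` parameter is not documented in the visible lines, and the function's header comment lies above the hunk, so it is not clear whether it was updated. Because `now` decides whether a certificate counts as expired or not yet valid, the contract should say what callers must pass, for example `<b>now</b> is the wall-clock time against which the certificates' validity periods are checked.` in the existing doc comment. The function body continues past the end of this hunk.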
@@ -442,17 +443,19 @@ or_handshake_certs_rsa_ok(int severity,
ERR("The certs we wanted were missing");
if (! tor_tls_cert_matches_key(tls, link_cert))
ERR("The link certificate didn't match the TLS public key");
- if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
+ if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, now, 0))
ERR("The link certificate was not valid");
- if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
+ if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, now, 1))
ERR("The ID certificate was not valid");
} else {
if (! (id_cert && auth_cert))
ERR("The certs we wanted were missing");
- /* Remember these certificates so we can check an AUTHENTICATE cell */
- if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
+ /* Remember these certificates so we can check an AUTHENTICATE cell
+ * XXXX make sure we do that
+ */
+ if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, now, 1))
ERR("The authentication certificate was not valid");
- if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
+ if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, now, 1))
ERR("The ID certificate was not valid");
}
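Review bot: The comment in the else branch still says "Remember these certificates", but the lines under it only validate `auth_cert` and `id_cert`, and the added `XXXX make sure we do that` leaves open whether anything is retained for the AUTHENTICATE check. A later authentication step would rely on that retention, so the comment should state what this function guarantees and where the storing happens, for example `/* Only validate here; the caller keeps certs for the AUTHENTICATE cell. */`, if that is indeed the caller's job. The else branch also passes `LOG_PROTOCOL_WARN` rather than the `severity` argument used in the first branch; if that is intentional, a short comment saying so would help. The function starts and ends outside this hunk.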
diff --git a/src/or/torcert.h b/src/or/torcert.h
index 39439d9d13..f851b92036 100644
--- a/src/or/torcert.h
+++ b/src/or/torcert.h
@@ -81,8 +81,8 @@ or_handshake_certs_t *or_handshake_certs_new(void);
void or_handshake_certs_free(or_handshake_certs_t *certs);
int or_handshake_certs_rsa_ok(int severity,
or_handshake_certs_t *certs,
- tor_tls_t *tls);
-int or_handshake_certs_ed25519_ok(or_handshake_certs_t *certs);
+ tor_tls_t *tls,
+ time_t now);
#endif
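Review bot: This hunk drops the prototype `int or_handshake_certs_ed25519_ok(or_handshake_certs_t *certs);`, which the commit message does not mention. If a definition or caller of that function still exists elsewhere in the tree, it would be left without a declaration, so it is worth confirming the removal is intended and noting it in the commit message. The added `time_t now` parameter also means the header needs `time_t` declared before this point; presumably an earlier include provides it, but that is outside the hunk.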