diff options
| -rw-r--r-- | changes/bug22466_diagnostic | 4 | ||||
| -rw-r--r-- | src/or/routerkeys.c | 4 | ||||
| -rw-r--r-- | src/or/torcert.c | 4 |
3 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug22466_diagnostic b/changes/bug22466_diagnostic new file mode 100644 index 0000000000..0286c6515e --- /dev/null +++ b/changes/bug22466_diagnostic @@ -0,0 +1,4 @@ + o Minor features (diagnostic): + - Add logging messages to try to diagnose a rare bug that seems + to generate RSA->Ed25519 cross-certificates dated in the 1970s. + Diagnostic for bug 22466. diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 0bff8daad5..c8d5f701a4 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -686,6 +686,10 @@ load_ed_keys(const or_options_t *options, time_t now) tor_cert_t *sign_cert = NULL; tor_cert_t *auth_cert = NULL; + // It is later than 1972, since otherwise there would be no C compilers. + // (Try to diagnose #22466.) + tor_assert_nonfatal(now >= 2 * 365 * 86400); + #define FAIL(msg) do { \ log_warn(LD_OR, (msg)); \ goto err; \ diff --git a/src/or/torcert.c b/src/or/torcert.c index ef9e78bfe7..658e620ca5 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -302,6 +302,10 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, time_t expires, uint8_t **cert) { + // It is later than 1985, since otherwise there would be no C89 + // compilers. (Try to diagnose #22466.) + tor_assert_nonfatal(expires >= 15 * 365 * 86400); + uint8_t *res; rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new(); |