summaryrefslogtreecommitdiff
path: root/src/or/routerkeys.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/or/routerkeys.c')
-rw-r--r--src/or/routerkeys.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 80b26e6bf8..50659fcb69 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -295,6 +295,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
if (rv == 0) {
have_secret = 1;
loaded_secret_fname = secret_fname;
+ tor_assert(got_tag);
} else {
if (errno != ENOENT && norepair) {
tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname,
@@ -482,10 +483,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
tor_log(severity, LD_OR, "Cert was for wrong key");
bad_cert = 1;
} else if (signing_key &&
- tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
- (signing_key || cert->cert_expired)) {
+ tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
tor_log(severity, LD_OR, "Can't check certificate");
bad_cert = 1;
+ } else if (cert->cert_expired) {
+ tor_log(severity, LD_OR, "Certificate is expired");
+ bad_cert = 1;
} else if (signing_key && cert->signing_key_included &&
! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion