From efa21bb94188863e4ff5d8a288144cd93db00fe3 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 1 Oct 2014 11:54:07 -0400
Subject: Implement proposal 228: cross-certification with onion keys

Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
---
 src/or/or.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/or/or.h')

diff --git a/src/or/or.h b/src/or/or.h
index 437183e727..d030189b61 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2023,6 +2023,9 @@ typedef struct {
   curve25519_public_key_t *onion_curve25519_pkey;
   /** Certificate for ed25519 signing key */
   struct tor_cert_st *signing_key_cert;
+  /** What's the earliest expiration time on all the certs in this
+   * routerinfo? */
+  time_t cert_expiration_time;
 
   char *platform; /**< What software/operating system is this OR using? */
 
@@ -5043,6 +5046,8 @@ typedef enum was_router_added_t {
   /* Router descriptor was rejected because it was older than
    * OLD_ROUTER_DESC_MAX_AGE. */
   ROUTER_WAS_TOO_OLD = -7, /* note contrast with 'NOT_NEW' */
+  /* DOCDOC */
+  ROUTER_CERTS_EXPIRED = -8
 } was_router_added_t;
 
 /********************************* routerparse.c ************************/
-- 
cgit v1.2.3-54-g00ecf