detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch.
+ - Do not use or believe expired certificates. Patch from Karsten.
+ Fixes bug 851.
o Minor features:
- Now NodeFamily and MyFamily config options allow spaces in
networkstatus_t *ns;
char *contents;
pending_vote_t *pending_vote;
+ time_t now = time(NULL);
int status;
const char *msg = "";
if (!cert || !key) {
log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
return -1;
+ } else if (now < cert->expires) {
+ log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
+ return -1;
}
if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
return -1;
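Review bot: The added expiry test `} else if (now < cert->expires) {` is inverted: it is true while the certificate is still valid. An authority holding a good certificate will log "Can't generate v3 vote with expired certificate" and return -1, while one whose certificate has lapsed falls through to `dirserv_generate_networkstatus_vote_obj(key, cert)` and votes with it. The line should read `} else if (now > cert->expires) {`, the same direction the consensus signature check later in this patch uses (`!cert || now > cert->expires`). The function begins and continues outside this hunk.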
smartlist_t *unrecognized = smartlist_create();
smartlist_t *missing_authorities = smartlist_create();
int severity;
+ time_t now = time(NULL);
tor_assert(consensus->type == NS_TYPE_CONSENSUS);
smartlist_add(unrecognized, voter);
++n_unknown;
continue;
- } else if (!cert) {
+ } else if (!cert || now > cert->expires) {
smartlist_add(need_certs_from, voter);
++n_missing_key;
continue;
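Review bot: In `} else if (!cert || now > cert->expires) {` an expired certificate now takes the same branch as a missing one, so the voter is added to `need_certs_from` and counted in `n_missing_key`, and nothing at this site says so. A one-line comment above the branch would record the intent, for example `/* No usable certificate: missing, or past its expiry time. */`. If code outside the hunk reports `n_missing_key` as "missing keys", that message will now also cover expired certificates and may need rewording. Expiry is judged against the local clock (`time(NULL)`), so a skewed clock changes which voters are skipped here; the comment could state that as well. The enclosing loop starts and ends outside the hunk.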