Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together.

We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it:
but it's safest to stop any attempt to use it that way.

diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 77bbcfd49f570035c217782aaa00a9d028e69180..c9afad9b6b40b135f383fa08d4aa2059f4508697 100644 (file)
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -196,6 +196,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
   const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED);
   const int norepair = (flags & INIT_ED_KEY_NO_REPAIR);
 
+  /* we don't support setting both of these flags at once. */
+  tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
+                      (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT));
+
   char tag[8];
   tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);