Fix code for checking expired certificates on load

author Nick Mathewson <nickm@torproject.org>

Tue, 1 Sep 2015 13:47:51 +0000 (09:47 -0400)

committer Nick Mathewson <nickm@torproject.org>

Tue, 1 Sep 2015 13:47:51 +0000 (09:47 -0400)
author Nick Mathewson <nickm@torproject.org>
Tue, 1 Sep 2015 13:47:51 +0000 (09:47 -0400)
committer Nick Mathewson <nickm@torproject.org>
Tue, 1 Sep 2015 13:47:51 +0000 (09:47 -0400)
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c

index 80b26e6bf8be42af7dac3ed5547ff3746380e8a8..1bf09515c89471a65c99e74131cc0f53348867c3 100644 (file)
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -482,10 +482,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
      tor_log(severity, LD_OR, "Cert was for wrong key");
      bad_cert = 1;
    } else if (signing_key &&
-             tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
-             (signing_key || cert->cert_expired)) {
+             tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
      tor_log(severity, LD_OR, "Can't check certificate");
      bad_cert = 1;
+  } else if (cert->cert_expired) {
+    tor_log(severity, LD_OR, "Certificate is expired");
+    bad_cert = 1;
    } else if (signing_key && cert->signing_key_included &&
               ! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
      tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");
author	Nick Mathewson <nickm@torproject.org>
	Tue, 1 Sep 2015 13:47:51 +0000 (09:47 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Tue, 1 Sep 2015 13:47:51 +0000 (09:47 -0400)