[minion-cvs] When certificates are expired/not-yet-valid, warn of cl...

[nickm@seul.org (Nick Mathewson)]

Update of /home/minion/cvsroot/src/minion/lib/mixminion
In directory moria.mit.edu:/tmp/cvs-serv18134

Modified Files:
	MMTPClient.py 
Log Message:
When certificates are expired/not-yet-valid, warn of clock skew

Index: MMTPClient.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/MMTPClient.py,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- MMTPClient.py	27 Apr 2004 13:12:52 -0000	1.58
+++ MMTPClient.py	27 Jul 2004 03:32:22 -0000	1.59
@@ -353,7 +353,6 @@
         """
         return self._isAlive
 
-
 class DeliverableString(DeliverableMessage):
     """Subclass of DeliverableMessage suitable for use by ClientMain and
        sendPackets.  Sends str(s) for some object s; invokes a callback on
@@ -494,14 +493,19 @@
             tls.check_cert_alive()
         except _ml.TLSError, e:
             s = str(e)
+            skewed=0
             notBefore,notAfter = tls.get_cert_lifetime()
             # XXXX 'stringContains' is not the best possible check here...
             if stringContains(s, "expired"):
-                s = "%s [at %s]"%(s,notAfter)
+                s = "%s [expired at %s]"%(s,notAfter)
+                skewed = 1
             elif stringContains(s,"not yet valid"):
-                s = "%s [until %s"%(s,notBefore)
-            raise MixProtocolBadAuth("Invalid certificate from %s: %s" % (
-                serverName, s))
+                s = "%s [not valid until %s]"%(s,notBefore)
+                skewed = 1
+            if skewed:
+                s +=" (One of you may have a skewed clock or wrong time zone)"
+            raise MixProtocolBadAuth("Invalid certificate from %s: %s " % (
+                serverName, s)
 
         # If we don't care whom we're talking to, we don't need to check
         # them out.