[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17208: {tor} patch from karsten to not use or accept expired certs. fixes (in tor/trunk: . src/or)
Author: nickm
Date: 2008-11-07 08:38:49 -0500 (Fri, 07 Nov 2008)
New Revision: 17208
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/dirvote.c
tor/trunk/src/or/networkstatus.c
Log:
patch from karsten to not use or accept expired certs. fixes bug 851.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-11-07 05:11:41 UTC (rev 17207)
+++ tor/trunk/ChangeLog 2008-11-07 13:38:49 UTC (rev 17208)
@@ -12,6 +12,8 @@
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch.
+ - Do not use or believe expired certificates. Patch from Karsten.
+ Fixes bug 851.
o Minor features:
- Now NodeFamily and MyFamily config options allow spaces in
Modified: tor/trunk/src/or/dirvote.c
===================================================================
--- tor/trunk/src/or/dirvote.c 2008-11-07 05:11:41 UTC (rev 17207)
+++ tor/trunk/src/or/dirvote.c 2008-11-07 13:38:49 UTC (rev 17208)
@@ -1568,6 +1568,7 @@
networkstatus_t *ns;
char *contents;
pending_vote_t *pending_vote;
+ time_t now = time(NULL);
int status;
const char *msg = "";
@@ -1575,6 +1576,9 @@
if (!cert || !key) {
log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
return -1;
+ } else if (now < cert->expires) {
+ log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
+ return -1;
}
if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
return -1;
Modified: tor/trunk/src/or/networkstatus.c
===================================================================
--- tor/trunk/src/or/networkstatus.c 2008-11-07 05:11:41 UTC (rev 17207)
+++ tor/trunk/src/or/networkstatus.c 2008-11-07 13:38:49 UTC (rev 17208)
@@ -387,6 +387,7 @@
smartlist_t *unrecognized = smartlist_create();
smartlist_t *missing_authorities = smartlist_create();
int severity;
+ time_t now = time(NULL);
tor_assert(consensus->type == NS_TYPE_CONSENSUS);
@@ -403,7 +404,7 @@
smartlist_add(unrecognized, voter);
++n_unknown;
continue;
- } else if (!cert) {
+ } else if (!cert || now > cert->expires) {
smartlist_add(need_certs_from, voter);
++n_missing_key;
continue;