[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] start to track down the "peer has invalid cert" bug



Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/common

Modified Files:
	tortls.c 
Log Message:
start to track down the 'peer has invalid cert' bug


Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- tortls.c	15 Oct 2003 23:50:25 -0000	1.21
+++ tortls.c	18 Oct 2003 06:48:46 -0000	1.22
@@ -463,22 +463,32 @@
     return NULL;
   
   now = time(NULL);
-  if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0)
+  if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0) {
+    log_fn(LOG_WARN,"X509_get_notBefore(cert) is in the future");
     goto done;
-  if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0)
+  }
+  if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0) {
+    log_fn(LOG_WARN,"X509_get_notAfter(cert) is in the past");
     goto done;
+  }
   
   /* Get the public key. */
-  if (!(pkey = X509_get_pubkey(cert)))
+  if (!(pkey = X509_get_pubkey(cert))) {
+    log_fn(LOG_WARN,"X509_get_pubkey returned null");
     goto done;
-  if (X509_verify(cert, pkey) <= 0)
+  }
+  if (X509_verify(cert, pkey) <= 0) {
+    log_fn(LOG_WARN,"X509_verify on cert and pkey returned <= 0");
     goto done;
+  }
 
   rsa = EVP_PKEY_get1_RSA(pkey);
   EVP_PKEY_free(pkey);
   pkey = NULL;
-  if (!rsa)
+  if (!rsa) {
+    log_fn(LOG_WARN,"EVP_PKEY_get1_RSA(pkey) returned null");
     goto done;
+  }
 
   r = _crypto_new_pk_env_rsa(rsa);
   rsa = NULL;