commit 26d9fffae428a186e92ffa53053da76bea519fec
parent be741d7e63b06fe103caab3db4b64ada45bd6bae
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 5 Jun 2017 09:52:09 -0400
Merge branch 'bug22466_diagnostic_030'
Diffstat:
3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/changes/bug22466_diagnostic b/changes/bug22466_diagnostic
@@ -0,0 +1,4 @@
+ o Minor features (diagnostic):
+ - Add logging messages to try to diagnose a rare bug that seems
+ to generate RSA->Ed25519 cross-certificates dated in the 1970s.
+ Diagnostic for bug 22466.
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
@@ -686,6 +686,10 @@ load_ed_keys(const or_options_t *options, time_t now)
tor_cert_t *sign_cert = NULL;
tor_cert_t *auth_cert = NULL;
+ // It is later than 1972, since otherwise there would be no C compilers.
+ // (Try to diagnose #22466.)
+ tor_assert_nonfatal(now >= 2 * 365 * 86400);
+
#define FAIL(msg) do { \
log_warn(LD_OR, (msg)); \
goto err; \
diff --git a/src/or/torcert.c b/src/or/torcert.c
@@ -302,6 +302,10 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
time_t expires,
uint8_t **cert)
{
+ // It is later than 1985, since otherwise there would be no C89
+ // compilers. (Try to diagnose #22466.)
+ tor_assert_nonfatal(expires >= 15 * 365 * 86400);
+
uint8_t *res;
rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new();
