commit 4ed0f0d62f760f83d9d87f37b88104b11c44fb6a
parent ac1ddd5e5bf86b85553b685d6ffa256ef555d94a
Author: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 Jun 2017 09:31:54 -0400
Make generate_ed_link_cert() a no-op on clients.
Fixes bug 22508; bug not in any released Tor.
Diffstat:
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
@@ -988,7 +988,7 @@ load_ed_keys(const or_options_t *options, time_t now)
*
* Returns -1 upon error. Otherwise, returns 0 upon success (either when the
* current certificate is still valid, or when a new certificate was
- * successfully generated).
+ * successfully generated, or no certificate was needed).
*/
int
generate_ed_link_cert(const or_options_t *options, time_t now,
@@ -997,6 +997,11 @@ generate_ed_link_cert(const or_options_t *options, time_t now,
const tor_x509_cert_t *link_ = NULL, *id = NULL;
tor_cert_t *link_cert = NULL;
+ if (!server_mode(options)) {
+ /* No need to make an Ed25519->Link cert: we are a client */
+ return 0;
+ }
+
if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) {
log_warn(LD_OR, "Can't get my x509 link cert.");
return -1;
