commit f2068ef8626302f7dce44bf206c4e83d4af7abba
parent 5b33d95a3dfe943625d78983bb53be2901a51150
Author: Nick Mathewson <nickm@torproject.org>
Date: Thu, 1 Jun 2017 09:42:32 -0400
Use tor_assert_nonfatal() to try to detect #22466
Diffstat:
3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/changes/bug22466_diagnostic b/changes/bug22466_diagnostic
@@ -0,0 +1,4 @@
+ o Minor features (diagnostic):
+ - Add logging messages to try to diagnose a rare bug that seems
+ to generate RSA->Ed25519 cross-certificates dated in the 1970s.
+ Diagnostic for bug 22466.
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
@@ -685,6 +685,10 @@ load_ed_keys(const or_options_t *options, time_t now)
tor_cert_t *sign_cert = NULL;
tor_cert_t *auth_cert = NULL;
+ // It is later than 1972, since otherwise there would be no C compilers.
+ // (Try to diagnose #22466.)
+ tor_assert_nonfatal(now >= 2 * 365 * 86400);
+
#define FAIL(msg) do { \
log_warn(LD_OR, (msg)); \
goto err; \
diff --git a/src/or/torcert.c b/src/or/torcert.c
@@ -302,6 +302,10 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
time_t expires,
uint8_t **cert)
{
+ // It is later than 1985, since otherwise there would be no C89
+ // compilers. (Try to diagnose #22466.)
+ tor_assert_nonfatal(expires >= 15 * 365 * 86400);
+
uint8_t *res;
rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new();
