[or-cvs] start to track down the "peer has invalid cert" bug
Roger Dingledine
arma at seul.org
Sat Oct 18 06:48:49 UTC 2003
Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/common
Modified Files:
tortls.c
Log Message:
start to track down the 'peer has invalid cert' bug
Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- tortls.c 15 Oct 2003 23:50:25 -0000 1.21
+++ tortls.c 18 Oct 2003 06:48:46 -0000 1.22
@@ -463,22 +463,32 @@
return NULL;
now = time(NULL);
- if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0)
+ if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0) {
+ log_fn(LOG_WARN,"X509_get_notBefore(cert) is in the future");
goto done;
- if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0)
+ }
+ if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0) {
+ log_fn(LOG_WARN,"X509_get_notAfter(cert) is in the past");
goto done;
+ }
/* Get the public key. */
- if (!(pkey = X509_get_pubkey(cert)))
+ if (!(pkey = X509_get_pubkey(cert))) {
+ log_fn(LOG_WARN,"X509_get_pubkey returned null");
goto done;
- if (X509_verify(cert, pkey) <= 0)
+ }
+ if (X509_verify(cert, pkey) <= 0) {
+ log_fn(LOG_WARN,"X509_verify on cert and pkey returned <= 0");
goto done;
+ }
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
pkey = NULL;
- if (!rsa)
+ if (!rsa) {
+ log_fn(LOG_WARN,"EVP_PKEY_get1_RSA(pkey) returned null");
goto done;
+ }
r = _crypto_new_pk_env_rsa(rsa);
rsa = NULL;
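Review bot: The two validity checks still accept a certificate whose time fields OpenSSL cannot parse. X509_cmp_time() is documented to return 0 on error, and the tests `> 0` on notBefore and `< 0` on notAfter let a 0 fall through to the key checks. Since these lines are being touched anyway, the conditions could fail closed with `if (X509_cmp_time(X509_get_notBefore(cert), &now) >= 0) {` and `if (X509_cmp_time(X509_get_notAfter(cert), &now) <= 0) {`, with the log text saying "in the future or unparseable" and "in the past or unparseable". For the X509_verify and EVP_PKEY_get1_RSA branches the new warnings name only the call that failed; logging the pending OpenSSL error there as well would probably help more in tracking the bug down. The enclosing function begins above the hunk and continues past it, so the cleanup at `done` is not visible here.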