Merge remote-tracking branch 'origin/maint-0.2.4'

author: Nick Mathewson <nickm@torproject.org> 2014-04-14 18:00:54 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-04-14 18:00:54 -0400
commit: bc4c966851c16cfe3c92375fba22baf45a111a67 (patch)
tree: 759dc8ef6375e04b5a59f484d3b0ee1977055d59 /src/or/networkstatus.c
parent: 0820031419efcd39c2fddfa5efebbaa779982620 (diff)
parent: 149931571a4c5ad9ec24eb6d4306e8965a454211 (diff)
download: tor-bc4c966851c16cfe3c92375fba22baf45a111a67.tar
tor-bc4c966851c16cfe3c92375fba22baf45a111a67.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 74c4ca45a..b8ac2e05f 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -322,6 +322,17 @@ networkstatus_check_document_signature(const networkstatus_t *consensus,
                  DIGEST_LEN))
     return -1;
 
+  if (authority_cert_is_blacklisted(cert)) {
+    /* We implement blacklisting for authority signing keys by treating
+     * all their signatures as always bad. That way we don't get into
+     * crazy loops of dropping and re-fetching signatures. */
+    log_warn(LD_DIR, "Ignoring a consensus signature made with deprecated"
+             " signing key %s",
+             hex_str(cert->signing_key_digest, DIGEST_LEN));
+    sig->bad_signature = 1;
+    return 0;
+  }
+
   signed_digest_len = crypto_pk_keysize(cert->signing_key);
   signed_digest = tor_malloc(signed_digest_len);
   if (crypto_pk_public_checksig(cert->signing_key,
author	Nick Mathewson <nickm@torproject.org>	2014-04-14 18:00:54 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-04-14 18:00:54 -0400
commit	bc4c966851c16cfe3c92375fba22baf45a111a67 (patch)
tree	759dc8ef6375e04b5a59f484d3b0ee1977055d59 /src/or/networkstatus.c
parent	0820031419efcd39c2fddfa5efebbaa779982620 (diff)
parent	149931571a4c5ad9ec24eb6d4306e8965a454211 (diff)
download	tor-bc4c966851c16cfe3c92375fba22baf45a111a67.tar tor-bc4c966851c16cfe3c92375fba22baf45a111a67.tar.gz