authorNick Mathewson <nickm@torproject.org>2014-04-11 10:22:14 -0400
committerNick Mathewson <nickm@torproject.org>2014-04-14 17:57:39 -0400
commit50ad3939242885b1a1a11688abd0c9756631747f (patch)
tree33e5a9536cfa475863de66a1b89a820b5ddb9544 /src/or/routerlist.c
parent2658e70d16eccfdd4b37d23a8399fce492d0eea1 (diff)
Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
Diffstat (limited to 'src/or/routerlist.c')
-rw-r--r--src/or/routerlist.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c39e362d..e993e138e 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -458,6 +458,28 @@ authority_cert_dl_failed(const char *id_digest, int status)
download_status_failed(&cl->dl_status, status);
}
+static const char *BAD_SIGNING_KEYS[] = {
+ "----------------------------------------",
+ NULL,
+};
+
+/** DOCDOC */
+int
+authority_cert_is_blacklisted(const authority_cert_t *cert)
+{
+ char hex_digest[HEX_DIGEST_LEN+1];
+ int i;
+ base16_encode(hex_digest, sizeof(hex_digest),
+ cert->signing_key_digest, sizeof(cert->signing_key_digest));
+
+ for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
+ if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
/** Return true iff when we've been getting enough failures when trying to
* download the certificate with ID digest <b>id_digest</b> that we're willing
* to start bugging the user about it. */
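Review bot: An entry in `BAD_SIGNING_KEYS` that is mistyped or not exactly `HEX_DIGEST_LEN` characters long can never equal `hex_digest` in the `strcasecmp()` loop, so the key it was meant to block would be accepted without any sign of the mistake. Because the table is to be filled in by hand later, a per-entry length check in the loop, such as `tor_assert(strlen(BAD_SIGNING_KEYS[i]) == HEX_DIGEST_LEN);`, or a unit test over the table would catch that. The `/** DOCDOC */` placeholder should also become a real comment, for example `/** Return true iff <b>cert</b>'s signing key digest is listed in BAD_SIGNING_KEYS. */`. The callers of `authority_cert_is_blacklisted()` are not part of this file's diff, so it cannot be confirmed from here that the result is checked wherever a certificate is loaded or trusted.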