Use tor_assert_nonfatal() to try to detect #22466

2025-02-25 07:07:52 +01:00 · 2017-06-01 09:42:32 -04:00 · 2017-06-01 09:42:32 -04:00 · f2068ef862
commit f2068ef862
parent 5b33d95a3d
3 changed files with 12 additions and 0 deletions
--- a/changes/bug22466_diagnostic
+++ b/changes/bug22466_diagnostic
@ -0,0 +1,4 @@
+   o Minor features (diagnostic):
+     - Add logging messages to try to diagnose a rare bug that seems
+       to generate RSA->Ed25519 cross-certificates dated in the 1970s.
+       Diagnostic for bug 22466.
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@ -685,6 +685,10 @@ load_ed_keys(const or_options_t *options, time_t now)
  tor_cert_t *sign_cert = NULL;
  tor_cert_t *auth_cert = NULL;

+  // It is later than 1972, since otherwise there would be no C compilers.
+  // (Try to diagnose #22466.)
+  tor_assert_nonfatal(now >= 2 * 365 * 86400);
+
 #define FAIL(msg) do {                          \
    log_warn(LD_OR, (msg));                     \
    goto err;                                   \
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@ -302,6 +302,10 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
                               time_t expires,
                               uint8_t **cert)
 {
+  // It is later than 1985, since otherwise there would be no C89
+  // compilers. (Try to diagnose #22466.)
+  tor_assert_nonfatal(expires >= 15 * 365 * 86400);
+
  uint8_t *res;

  rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new();