[or-cvs] Change "warn if unverified routers are very skewed" to "nev...
Nick Mathewson
nickm at seul.org
Mon Nov 15 04:28:27 UTC 2004
Update of /home/or/cvsroot/tor/src/or
In directory moria.mit.edu:/tmp/cvs-serv14085/src/or
Modified Files:
connection_or.c
Log Message:
Change "warn if unverified routers are very skewed" to "never warn about unverified router skew"
Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/connection_or.c,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -d -r1.140 -r1.141
--- connection_or.c 14 Nov 2004 22:08:25 -0000 1.140
+++ connection_or.c 15 Nov 2004 04:28:24 -0000 1.141
@@ -15,9 +15,6 @@
/** How much clock skew do we tolerate when checking certificates for
* known routers? (sec) */
#define TIGHT_CERT_ALLOW_SKEW (90*60)
-/** How much clock skew do we tolerate when checking certificates for
- * unknown routers/clients? (sec) */
-#define LOOSE_CERT_ALLOW_SKEW (24*60*60)
static int connection_tls_finish_handshake(connection_t *conn);
static int connection_or_process_cells_from_inbuf(connection_t *conn);
@@ -369,11 +366,13 @@
nickname, conn->address, conn->port);
return -1;
}
+#if 0
if(tor_tls_check_lifetime(conn->tls, LOOSE_CERT_ALLOW_SKEW)<0) {
- log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a very highly skewed clock, or an expired certificate. Closing.",
+ log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a very highly skewed clock, or an expired certificate. Closing.",
nickname, conn->address, conn->port);
return -1;
}
+#endif
log_fn(LOG_DEBUG,"The router's cert is valid.");
crypto_pk_get_digest(identity_rcvd, digest_rcvd);
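Review bot: The `#if 0` around the `tor_tls_check_lifetime(conn->tls, LOOSE_CERT_ALLOW_SKEW)` block disables more than the warning: it also drops the `return -1`, so a peer that is not a known router is no longer rejected here for an expired or not-yet-valid certificate, and `The router's cert is valid.` is logged without any lifetime check on this path. Whether lifetime is enforced elsewhere for such peers isn't visible in the hunk; if the relaxation is intended, a comment should say so, e.g. `/* Unverified peers: cert lifetime deliberately not checked; only known routers are held to TIGHT_CERT_ALLOW_SKEW. */`. The disabled block still names `LOOSE_CERT_ALLOW_SKEW`, which the first hunk removes, so it would not compile if re-enabled; deleting the block would be cleaner than leaving it under `#if 0`. The enclosing function starts and ends outside the hunk.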
@@ -394,7 +393,7 @@
if (router_get_by_digest(digest_rcvd)) {
/* This is a known router; don't cut it slack with its clock skew. */
if(tor_tls_check_lifetime(conn->tls, TIGHT_CERT_ALLOW_SKEW)<0) {
- log_fn(LOG_WARN,"Router '%s' (%s:%d) has a skewed clock, or an expired certificate. Closing.",
+ log_fn(LOG_WARN,"Router '%s' (%s:%d) has a skewed clock, or an expired certificate; or else our clock is skewed. Closing.",
nickname, conn->address, conn->port);
return -1;
}