From 4ed0f0d62f760f83d9d87f37b88104b11c44fb6a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 6 Jun 2017 09:31:54 -0400 Subject: [PATCH] Make generate_ed_link_cert() a no-op on clients. Fixes bug 22508; bug not in any released Tor. --- src/or/routerkeys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 1eb44db85..f69c0f137 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -988,7 +988,7 @@ load_ed_keys(const or_options_t *options, time_t now) * * Returns -1 upon error. Otherwise, returns 0 upon success (either when the * current certificate is still valid, or when a new certificate was - * successfully generated). + * successfully generated, or no certificate was needed). */ int generate_ed_link_cert(const or_options_t *options, time_t now, @@ -997,6 +997,11 @@ generate_ed_link_cert(const or_options_t *options, time_t now, const tor_x509_cert_t *link_ = NULL, *id = NULL; tor_cert_t *link_cert = NULL; + if (!server_mode(options)) { + /* No need to make an Ed25519->Link cert: we are a client */ + return 0; + } + if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) { log_warn(LD_OR, "Can't get my x509 link cert."); return -1;