Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together.

We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it: but it's safest to stop any attempt to use it that way.

Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together.
c4ab8f74 · Nick Mathewson · 3c28d95c · c4ab8f74
Commit c4ab8f74 authored 9 years ago by Nick Mathewson
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -196,6 +196,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
  const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED);
  const int norepair = (flags & INIT_ED_KEY_NO_REPAIR);

+  /* we don't support setting both of these flags at once. */
+  tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
+                      (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT));
+
  char tag[8];
  tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);