At the bottom of command_process_netinfo_cell() we have some logic, when we hear a scary time from a netinfo cell, to check: ``` if (router_digest_is_trusted_dir(conn->identity_digest)) severity = LOG_WARN; else severity = LOG_INFO; ``` We should repeat that logic when we get a scary time from a CERTS cell. Turns out those scary times (off by an hour or more) are reasonably common. If you're quick, you can reproduce by running your Tor with "entrynode 0xABCD": ``` Nov 01 04:30:45.000 [debug] connection_or_process_cells_from_inbuf(): 14: starting, inbuf_datalen 1444 (0 pending in tls object). Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock set incorrectly? Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov 1 12:15:08 2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45 2011 GMT.) Nov 01 04:30:45.000 [info] command_process_cert_cell(): Received a bad CERT cell from 120.50.40.184:9001: The link certificate was not valid ```