nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-12 22:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.2.1' into maint-0.2.2

Browse Source 
Conflicts:
	src/or/main.c
	src/or/router.c
This commit is contained in:
Roger Dingledine 2011-09-13 18:27:13 -04:00
commit 4a351b4b9e
4 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/bug4014 Normal file
View File

@ -0,0 +1,3 @@
o Minor features:
- Adjust the expiration time on our SSL session certificates to
better match SSL certs seen in the wild. Resolves ticket 4014.

7
src/or/main.c
View File

@ -940,15 +940,16 @@ run_scheduled_events(time_t now)
if (options->UseBridges) if (options->UseBridges)
fetch_bridge_descriptors(options, now); fetch_bridge_descriptors(options, now);
/** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */ /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
* TLS context. */
if (!last_rotated_x509_certificate) if (!last_rotated_x509_certificate)
last_rotated_x509_certificate = now; last_rotated_x509_certificate = now;
if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
log_info(LD_GENERAL,"Rotating tls context."); log_info(LD_GENERAL,"Rotating tls context.");
if (tor_tls_context_init(public_server_mode(options), if (tor_tls_context_init(public_server_mode(options),
get_tlsclient_identity_key(), get_tlsclient_identity_key(),
is_server ? get_server_identity_key() : NULL, is_server ? get_server_identity_key() : NULL,
MAX_SSL_KEY_LIFETIME) < 0) { MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
log_warn(LD_BUG, "Error reinitializing TLS context"); log_warn(LD_BUG, "Error reinitializing TLS context");
/* XXX is it a bug here, that we just keep going? -RD */ /* XXX is it a bug here, that we just keep going? -RD */
} }

4
src/or/or.h
View File

@ -163,7 +163,9 @@
/** How often do we rotate onion keys? */ /** How often do we rotate onion keys? */
#define MIN_ONION_KEY_LIFETIME (7*24*60*60) #define MIN_ONION_KEY_LIFETIME (7*24*60*60)
/** How often do we rotate TLS contexts? */ /** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME (2*60*60) #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
/** What expiry time shall we place on our SSL certs? */
#define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60)
/** How old do we allow a router to get before removing it /** How old do we allow a router to get before removing it
* from the router list? In seconds. */ * from the router list? In seconds. */

4
src/or/router.c
View File

@ -526,7 +526,7 @@ init_keys(void)
if (tor_tls_context_init(0, if (tor_tls_context_init(0,
get_tlsclient_identity_key(), get_tlsclient_identity_key(),
NULL, NULL,
MAX_SSL_KEY_LIFETIME) < 0) { MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
log_err(LD_GENERAL,"Error creating TLS context for Tor client."); log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
return -1; return -1;
} }
@ -622,7 +622,7 @@ init_keys(void)
if (tor_tls_context_init(public_server_mode(options), if (tor_tls_context_init(public_server_mode(options),
get_tlsclient_identity_key(), get_tlsclient_identity_key(),
get_server_identity_key(), get_server_identity_key(),
MAX_SSL_KEY_LIFETIME) < 0) { MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
log_err(LD_GENERAL,"Error initializing TLS context"); log_err(LD_GENERAL,"Error initializing TLS context");
return -1; return -1;
} }