mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
Check onion key consensus parameters every hour.
This patch changes the way we decide when to check whether it is time to rotate and/or expire our onion keys. Due to proposal #274 we can now have the keys rotate at different frequencies than before, and we thus do the check once an hour when our Tor daemon is running in server mode. This should allow us to quickly notice if the network consensus parameters have changed while we are running, instead of having to wait until the current parameters' timeout value has passed. See: https://bugs.torproject.org/21641
parent
853b54dea4
commit
946ccf3e4d
@ -1485,7 +1485,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
|
||||
int onion_key_lifetime = get_onion_key_lifetime();
|
||||
time_t rotation_time = get_onion_key_set_at()+onion_key_lifetime;
|
||||
if (rotation_time > now) {
|
||||
return safe_timer_diff(now, rotation_time);
|
||||
return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
|
||||
}
|
||||
|
||||
log_info(LD_GENERAL,"Rotating onion key.");
|
||||
@ -1496,7 +1496,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
|
||||
}
|
||||
if (advertised_server_mode() && !options->DisableNetwork)
|
||||
router_upload_dir_desc_to_dirservers(0);
|
||||
return onion_key_lifetime;
|
||||
return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
|
||||
}
|
||||
return PERIODIC_EVENT_NO_UPDATE;
|
||||
}
|
||||
@ -1512,17 +1512,14 @@ check_onion_keys_expiry_time_callback(time_t now, const or_options_t *options)
|
||||
if (server_mode(options)) {
|
||||
int onion_key_grace_period = get_onion_key_grace_period();
|
||||
time_t expiry_time = get_onion_key_set_at()+onion_key_grace_period;
|
||||
|
||||
if (expiry_time > now) {
|
||||
return safe_timer_diff(now, expiry_time);
|
||||
return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
|
||||
}
|
||||
|
||||
log_info(LD_GENERAL, "Expiring old onion keys.");
|
||||
|
||||
expire_old_onion_keys();
|
||||
cpuworkers_rotate_keyinfo();
|
||||
|
||||
return onion_key_grace_period;
|
||||
return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
|
||||
}
|
||||
|
||||
return PERIODIC_EVENT_NO_UPDATE;
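Review bot: Returning the fixed `ONION_KEY_CONSENSUS_CHECK_INTERVAL` from the `rotation_time > now` branch of rotate_onion_key_callback means a key that falls due between two checks is rotated only at the next hourly tick, so it can outlive the consensus-defined lifetime by up to one interval. The `expiry_time > now` branch of check_onion_keys_expiry_time_callback has the same effect on how long old onion keys stay accepted past the grace period. If that slack is not intended, cap the delay rather than replacing it, `return MIN(safe_timer_diff(now, rotation_time), ONION_KEY_CONSENSUS_CHECK_INTERVAL);` and likewise with `expiry_time`, which keeps the hourly consensus re-check and still fires at the due time. If the slack is accepted, record it at both returns, e.g. `/* Re-check hourly; rotation/expiry may lag the due time by up to one interval. */`. Both functions begin outside the visible hunks, and the closing brace of the second is not shown.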
|
||||
|
@ -164,6 +164,10 @@
|
||||
/** Default grace period for acceptance of an onion key in days. */
|
||||
#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
|
||||
|
||||
/** How often we should check the network consensus if it is time to rotate or
|
||||
* expire onion keys. */
|
||||
#define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)
|
||||
|
||||
/** How often do we rotate TLS contexts? */
|
||||
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
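Review bot: The doc comment on `ONION_KEY_CONSENSUS_CHECK_INTERVAL` does not state a unit, while the define just above it carries `_DAYS` in its name and holds a day count. The value `(60*60)` and the commit message imply seconds, so the comment should say so, e.g. `/** How often (in seconds) we check the consensus parameters to see whether it is time to rotate or expire our onion keys. */`. Since both callbacks return this value in every server-mode path, it is also the longest an overdue rotation or expiry can be delayed, which is worth stating in the same comment.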
|
||||
|
||||
|