add CertFile, Nickname

write new certfile if you don't have one already
set up a tls context on startup


svn:r432
Roger Dingledine 2003-09-08 06:26:38 +00:00
parent ace475f01c
commit a6a5784bca
3 changed files with 32 additions and 1 deletions


@ -192,6 +192,8 @@ static void config_assign(or_options_t *options, struct config_line *list) {
config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) || config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) ||
config_compare(list, "SigningPrivateKeyFile", CONFIG_TYPE_STRING, &options->SigningPrivateKeyFile) || config_compare(list, "SigningPrivateKeyFile", CONFIG_TYPE_STRING, &options->SigningPrivateKeyFile) ||
config_compare(list, "RouterFile", CONFIG_TYPE_STRING, &options->RouterFile) || config_compare(list, "RouterFile", CONFIG_TYPE_STRING, &options->RouterFile) ||
config_compare(list, "CertFile", CONFIG_TYPE_STRING, &options->CertFile) ||
config_compare(list, "Nickname", CONFIG_TYPE_STRING, &options->Nickname) ||
/* int options */ /* int options */
config_compare(list, "MaxConn", CONFIG_TYPE_INT, &options->MaxConn) || config_compare(list, "MaxConn", CONFIG_TYPE_INT, &options->MaxConn) ||
@ -244,6 +246,7 @@ int getconfig(int argc, char **argv, or_options_t *options) {
options->NewCircuitPeriod = 60; /* once a minute */ options->NewCircuitPeriod = 60; /* once a minute */
options->TotalBandwidth = 800000; /* at most 800kB/s total sustained incoming */ options->TotalBandwidth = 800000; /* at most 800kB/s total sustained incoming */
options->NumCpus = 1; options->NumCpus = 1;
options->CertFile = "default.cert";
// options->ReconnectPeriod = 6001; // options->ReconnectPeriod = 6001;
/* get config lines from /etc/torrc and assign them */ /* get config lines from /etc/torrc and assign them */
@ -352,6 +355,11 @@ int getconfig(int argc, char **argv, or_options_t *options) {
result = -1; result = -1;
} }
if(options->OnionRouter && options->Nickname == NULL) {
log_fn(LOG_ERR,"Nickname required for OnionRouter, but not found.");
return -1;
}
if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) { if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found."); log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
result = -1; result = -1;
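Review bot: The new default `options->CertFile = "default.cert";` in getconfig is a relative path, so the certificate is looked up in whatever directory the process was started from. Because the do_main_loop change in this commit generates the file when it is missing, it is also created there, and a router started from a different directory would presumably get a fresh certificate. I would at least document this next to the default, e.g. `/* relative to the cwd; routers should set an absolute CertFile in torrc */`. The field also now holds a string literal by default while config_assign can overwrite it with a parsed value, so any code that frees option strings needs to account for that; the ownership rules are not visible here. As a smaller style point, the new Nickname check uses `return -1;` where the neighbouring checks set `result = -1;` and continue, which hides later configuration errors from the log; getconfig's body continues outside these hunks.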


@ -450,7 +450,28 @@ static int do_main_loop(void) {
} }
#ifdef USE_TLS #ifdef USE_TLS
make the tls context here if(options.OnionRouter) {
struct stat statbuf;
if(stat(options.CertFile, &statbuf) < 0) {
log_fn(LOG_INFO,"CertFile %s is missing. Generating.", options.CertFile);
if(tor_tls_write_certificate(options.CertFile,
get_privatekey(),
options.Nickname) < 0) {
log_fn(LOG_ERR,"Couldn't write CertFile %s. Dying.", options.CertFile);
return -1;
}
}
if(tor_tls_context_new(certfile, get_privatekey(), 1) < 0) {
log_fn(LOG_ERR,"Error creating tls context.");
return -1;
}
} else { /* just a proxy, the context is easy */
if(tor_tls_context_new(NULL, NULL, 0) < 0) {
log_fn(LOG_ERR,"Error creating tls context.");
return -1;
}
}
#endif #endif
/* start up the necessary connections based on which ports are /* start up the necessary connections based on which ports are
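Review bot: The router branch calls `tor_tls_context_new(certfile, get_privatekey(), 1)`, but no `certfile` is declared anywhere in the visible hunk, while every other line in the block uses `options.CertFile`. This looks like it should be `tor_tls_context_new(options.CertFile, get_privatekey(), 1)`, and as written it would likely fail to compile once USE_TLS is defined. Separately, any `stat()` failure is treated as "missing"; checking `errno == ENOENT` before generating would avoid attempting to overwrite a certificate that exists but is unreadable. An existing file is also used as-is, with no visible check that it corresponds to the current private key or Nickname. do_main_loop begins and ends outside the hunk, so handling elsewhere in the function cannot be ruled out.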


@ -439,6 +439,8 @@ typedef struct {
char *RouterFile; char *RouterFile;
char *SigningPrivateKeyFile; char *SigningPrivateKeyFile;
char *PrivateKeyFile; char *PrivateKeyFile;
char *CertFile;
char *Nickname;
double CoinWeight; double CoinWeight;
int Daemon; int Daemon;
int ORPort; int ORPort;