Simplify DH prime generation logic some.
This is just refactoring work here. The old logic was kind of convoluted, especially after the bug 5572 fix. We don't actually need to distinguish so many cases here. Dropping detection of the "!old_options || !old_options->DynamicDHGroups" case is fine because that's the same thing we'd do for clients. Also add a changes file for bug 5572.
parent
ce5422ecd1
commit
ed8374eb5a
5
changes/bug5572
Normal file
5
changes/bug5572
Normal file
@ -0,0 +1,5 @@
|
||||
o Major bugfixes:
|
||||
- Make sure we create the keys directory if it doesn't exist and we're
|
||||
about to store the dynamic diffie hellman parameters. Fixes bug 5572;
|
||||
bugfix on 0.2.3.13-alpha.
|
||||
|
@ -1332,7 +1332,6 @@ options_act(const or_options_t *old_options)
|
||||
or_options_t *options = get_options_mutable();
|
||||
int running_tor = options->command == CMD_RUN_TOR;
|
||||
char *msg;
|
||||
char *keydir;
|
||||
const int transition_affects_workers =
|
||||
old_options && options_transition_affects_workers(old_options, options);
|
||||
|
||||
@ -1459,35 +1458,18 @@ options_act(const or_options_t *old_options)
|
||||
}
|
||||
|
||||
/* If needed, generate a new TLS DH prime according to the current torrc. */
|
||||
if (server_mode(options)) {
|
||||
if (!old_options) {
|
||||
if (options->DynamicDHGroups) {
|
||||
char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
|
||||
keydir = get_datadir_fname("keys");
|
||||
if (check_private_dir(keydir, CPD_CREATE, options->User)) {
|
||||
tor_free(keydir);
|
||||
return -1;
|
||||
}
|
||||
tor_free(keydir);
|
||||
crypto_set_tls_dh_prime(fname);
|
||||
tor_free(fname);
|
||||
} else {
|
||||
crypto_set_tls_dh_prime(NULL);
|
||||
}
|
||||
} else {
|
||||
if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
|
||||
char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
|
||||
keydir = get_datadir_fname("keys");
|
||||
if (check_private_dir(keydir, CPD_CREATE, options->User)) {
|
||||
tor_free(keydir);
|
||||
return -1;
|
||||
}
|
||||
tor_free(keydir);
|
||||
crypto_set_tls_dh_prime(fname);
|
||||
tor_free(fname);
|
||||
} else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
|
||||
crypto_set_tls_dh_prime(NULL);
|
||||
}
|
||||
if (server_mode(options) && options->DynamicDHGroups) {
|
||||
char *keydir = get_datadir_fname("keys");
|
||||
if (check_private_dir(keydir, CPD_CREATE, options->User)) {
|
||||
tor_free(keydir);
|
||||
return -1;
|
||||
}
|
||||
tor_free(keydir);
|
||||
|
||||
if (!old_options || !old_options->DynamicDHGroups) {
|
||||
char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
|
||||
crypto_set_tls_dh_prime(fname);
|
||||
tor_free(fname);
|
||||
}
|
||||
} else { /* clients don't need a dynamic DH prime. */
|
||||
crypto_set_tls_dh_prime(NULL);
|
||||
|
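Review bot: The inner guard `if (!old_options || !old_options->DynamicDHGroups)` in the second hunk never checks whether the previous configuration was already running as a server. A reload that turns a client with DynamicDHGroups already set into a relay would therefore skip `crypto_set_tls_dh_prime(fname)` and, as far as this hunk shows, keep whatever the earlier `crypto_set_tls_dh_prime(NULL)` call installed. If that transition is reachable at runtime, widening the guard to `if (!old_options || !old_options->DynamicDHGroups || !server_mode(old_options))` would cover it. The else-branch comment is also narrower than the branch now is, since it also runs for servers with DynamicDHGroups off; `/* clients, and servers without DynamicDHGroups, don't need a dynamic DH prime. */` would match the code. The body of options_act starts and ends outside both hunks, so any caller-side handling of the `return -1` path is not visible here.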