
Merge branch 'maint-0.2.2'

Roger Dingledine 12 years ago
parent
commit
1fcaeb6092
4 changed files with 12 additions and 6 deletions
  1. 3 0
      changes/bug4014
  2. 4 3
      src/or/main.c
  3. 3 1
      src/or/or.h
  4. 2 2
      src/or/router.c

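--- a/changes/bug4014
+++ b/changes/bug4014
@@ -0,0 +1,3 @@
+  o Minor features:
+    - Adjust the expiration time on our SSL session certificates to
+      better match SSL certs seen in the wild. Resolves ticket 4014.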

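--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1152,15 +1152,16 @@ run_scheduled_events(time_t now)
   if (options->UseBridges)
     fetch_bridge_descriptors(options, now);
 
-  /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
+  /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
+   * TLS context. */
   if (!last_rotated_x509_certificate)
     last_rotated_x509_certificate = now;
-  if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
+  if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
     log_info(LD_GENERAL,"Rotating tls context.");
     if (tor_tls_context_init(public_server_mode(options),
                              get_tlsclient_identity_key(),
                              is_server ? get_server_identity_key() : NULL,
-                             MAX_SSL_KEY_LIFETIME) < 0) {
+                             MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
       log_warn(LD_BUG, "Error reinitializing TLS context");
       /* XXX is it a bug here, that we just keep going? -RD */
     }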
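Review bot: The reworded comment above the rotation check still describes only the rotation period, not that the certificate created by the tor_tls_context_init call below now advertises MAX_SSL_KEY_LIFETIME_ADVERTISED, a validity far longer than the two hours the context actually lives; a reader has to open or.h to learn the two constants differ. Suggest extending it to `/** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our TLS context. The cert we make advertises MAX_SSL_KEY_LIFETIME_ADVERTISED so its validity looks like an ordinary cert (ticket 4014). */`. The pre-existing `< now` comparison and the unchanged handling of a failed reinit (the XXX note) are outside the scope of this change. run_scheduled_events starts and ends outside the hunk.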

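--- a/src/or/or.h
+++ b/src/or/or.h
@@ -174,7 +174,9 @@
 /** How often do we rotate onion keys? */
 #define MIN_ONION_KEY_LIFETIME (7*24*60*60)
 /** How often do we rotate TLS contexts? */
-#define MAX_SSL_KEY_LIFETIME (2*60*60)
+#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
+/** What expiry time shall we place on our SSL certs? */
+#define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60)
 
 /** How old do we allow a router to get before removing it
  * from the router list? In seconds. */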
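Review bot: The new MAX_SSL_KEY_LIFETIME_ADVERTISED carries an implicit ordering requirement against MAX_SSL_KEY_LIFETIME_INTERNAL that the header does not state: if the advertised expiry (presumably what tor_tls_context_init uses for the cert's notAfter) were ever set below the rotation interval, a context would keep presenting an already-expired certificate until run_scheduled_events rotated it. Suggest recording that on the define: `/** What expiry time shall we place on our SSL certs? Must not be shorter than MAX_SSL_KEY_LIFETIME_INTERNAL, or we would present an expired cert before rotating it. */`. Both values are plain int expressions in seconds and 365*24*60*60 fits a 32-bit int, so no widening is needed.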

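--- a/src/or/router.c
+++ b/src/or/router.c
@@ -533,7 +533,7 @@ init_keys(void)
     if (tor_tls_context_init(0,
                              get_tlsclient_identity_key(),
                              NULL,
-                             MAX_SSL_KEY_LIFETIME) < 0) {
+                             MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
       log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
       return -1;
     }
@@ -629,7 +629,7 @@ init_keys(void)
   if (tor_tls_context_init(public_server_mode(options),
                            get_tlsclient_identity_key(),
                            get_server_identity_key(),
-                           MAX_SSL_KEY_LIFETIME) < 0) {
+                           MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
     log_err(LD_GENERAL,"Error initializing TLS context");
     return -1;
   }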
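Review bot: After this change every visible caller of tor_tls_context_init (both hunks here and the one in src/or/main.c) passes the same MAX_SSL_KEY_LIFETIME_ADVERTISED literal, so the advertised cert lifetime is now a property of each call site rather than of the TLS layer, and a future caller can silently pass a different value for the client and server contexts. Consider letting tor_tls_context_init apply the constant itself, or at least add at the client-context call in the first hunk `/* Same advertised cert lifetime as the server context; see or.h */` so the two paths are kept in step deliberately. init_keys starts before the first hunk and continues past the second.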