|
@@ -1363,22 +1363,26 @@ options_act(const or_options_t *old_options)
|
|
|
}
|
|
|
|
|
|
/* If needed, generate a new TLS DH prime according to the current torrc. */
|
|
|
- if (!old_options) {
|
|
|
- if (options->DynamicDHGroups) {
|
|
|
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
|
|
|
- crypto_set_tls_dh_prime(fname);
|
|
|
- tor_free(fname);
|
|
|
+ if (server_mode(options) && options->BridgeRelay) {
|
|
|
+ if (!old_options) {
|
|
|
+ if (options->DynamicDHGroups) {
|
|
|
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
|
|
|
+ crypto_set_tls_dh_prime(fname);
|
|
|
+ tor_free(fname);
|
|
|
+ } else {
|
|
|
+ crypto_set_tls_dh_prime(NULL);
|
|
|
+ }
|
|
|
} else {
|
|
|
- crypto_set_tls_dh_prime(NULL);
|
|
|
- }
|
|
|
- } else {
|
|
|
- if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
|
|
|
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
|
|
|
- crypto_set_tls_dh_prime(fname);
|
|
|
- tor_free(fname);
|
|
|
- } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
|
|
|
- crypto_set_tls_dh_prime(NULL);
|
|
|
+ if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
|
|
|
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
|
|
|
+ crypto_set_tls_dh_prime(fname);
|
|
|
+ tor_free(fname);
|
|
|
+ } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
|
|
|
+ crypto_set_tls_dh_prime(NULL);
|
|
|
+ }
|
|
|
}
|
|
|
+ } else { /* clients don't need a dynamic DH prime. */
|
|
|
+ crypto_set_tls_dh_prime(NULL);
|
|
|
}
|
|
|
|
|
|
/* We want to reinit keys as needed before we do much of anything else:
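Review bot: On a reconfiguration (`old_options` non-NULL), the inner branch compares only `DynamicDHGroups` between old and new options, so a process that becomes a bridge relay while `DynamicDHGroups` was already set in both configurations never loads `keys/dynamic_dh_modulus`. It keeps whatever the earlier `crypto_set_tls_dh_prime(NULL)` call in the outer `else` installed. The transition test should compare the effective "wants a dynamic prime" state of the old and new options rather than the raw flag, as sketched below; this assumes `server_mode()` depends only on the options it is given. The sketch also stops re-issuing `crypto_set_tls_dh_prime(NULL)` on every call for non-bridge configurations, which is only a safe change if that call is not meant to re-run each time (its body is not visible here). Separately, the outer `else` also covers relays that are not bridges, so its comment would be more accurate as `/* only bridge relays use a dynamic DH prime */`; `options_act` begins and continues outside this hunk.

```c
/* If needed, generate a new TLS DH prime according to the current torrc. */
{
  const int want_dynamic = server_mode(options) && options->BridgeRelay &&
                           options->DynamicDHGroups;
  const int had_dynamic = old_options && server_mode(old_options) &&
                          old_options->BridgeRelay &&
                          old_options->DynamicDHGroups;

  if (want_dynamic && !had_dynamic) {
    char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
    crypto_set_tls_dh_prime(fname);
    tor_free(fname);
  } else if (!want_dynamic && (had_dynamic || !old_options)) {
    /* only bridge relays use a dynamic DH prime */
    crypto_set_tls_dh_prime(NULL);
  }
}
```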
|