authorNick Mathewson <nickm@torproject.org>2003-10-23 14:20:51 +0000
committerNick Mathewson <nickm@torproject.org>2003-10-23 14:20:51 +0000
commit6b79d8a7e9d84de8193c6a749932674d1f41e047 (patch)
tree7f54840bb2582484e99dce9c64bea6671d6c5bda /src/common/tortls.c
parent03964490973422d34f5b43c1ccf8d38a2f9b45ab (diff)
Two-pronged attack at my overzealous skew fixes.
The problem was that the fixes had us generating TLS certs with a 2-day lifetime on the assumption that we'd rotate fairly often. In fact, we never rotate our TLS keys. This patch fixes the situation in 2 ways: 1. It bumps the default lifetime back up to one year until we get rotation in place. 2. It changes tor_tls_context_new() so that it doesn't leak memory when you call it more than once. svn:r663
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r--src/common/tortls.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index b7f13aae0f..a665909bb2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -23,9 +23,9 @@
#include <openssl/bio.h>
/* How long do certificates live? (sec) */
-#define CERT_LIFETIME (2*24*60*60)
+#define CERT_LIFETIME (365*24*60*60)
/* How much clock skew do we tolerate when checking certificates? (sec) */
-#define CERT_ALLOW_SKEW (3*60)
+#define CERT_ALLOW_SKEW (30*60)
struct tor_tls_context_st {
SSL_CTX *ctx;
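Review bot: The new one-year CERT_LIFETIME on the second changed line of the hunk carries none of the rationale from the commit message, so nothing in the file stops a later reader from shortening it again on the same assumption that TLS keys rotate often. I would extend the comment above it to `/* How long do certificates live? (sec)  One year for now: we never rotate TLS keys, so a short lifetime only causes expiry; shorten this once rotation exists. */`. The tenfold widening of CERT_ALLOW_SKEW to 30 minutes likewise deserves a word on why that value was chosen, since the tolerated skew is what decides whether a peer with a slightly wrong clock is rejected. Both macros are file-scope, so the whole definition is visible in the hunk.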
@@ -46,7 +46,7 @@ static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
const char *nickname);
/* global tls context, keep it here because nobody else needs to touch it */
-static tor_tls_context *global_tls_context=NULL;
+static tor_tls_context *global_tls_context = NULL;
static int tls_library_is_initialized = 0;
#define _TOR_TLS_SYSCALL -6
@@ -269,6 +269,13 @@ tor_tls_context_new(crypto_pk_env_t *rsa,
always_accept_verify_cb);
/* let us realloc bufs that we're writing from */
SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+ /* Free the old context if one exists. */
+ if (global_tls_context) {
+ /* This is safe even if there are open connections: OpenSSL does
+ * reference counting with SSL and SSL_CTX objects. */
+ SSL_CTX_free(global_tls_context);
+ }
global_tls_context = result;
return 0;