diff options
| author | David Goulet <dgoulet@torproject.org> | 2017-04-25 14:11:23 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-09 10:30:52 -0400 |
| commit | 039e2a24da522f483909e0eb55f963dce6e3b0e5 (patch) | |
| tree | a60ac06bf84084532d98b3e5d0c02ebf55ade10e /src/or/config.c | |
| parent | 8aedc589edf78a75092868192869fe84b5a53816 (diff) | |
| download | tor-039e2a24da522f483909e0eb55f963dce6e3b0e5.tar.gz tor-039e2a24da522f483909e0eb55f963dce6e3b0e5.zip | |
config: Remove TLSECGroup option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.
Partially fixes #22060
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 37 |
1 files changed, 1 insertions, 36 deletions
diff --git a/src/or/config.c b/src/or/config.c index 1af554a3fa..72063dbe3e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -494,7 +494,7 @@ static config_var_t option_vars_[] = { V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"), V(Tor2webMode, BOOL, "0"), V(Tor2webRendezvousPoints, ROUTERSET, NULL), - V(TLSECGroup, STRING, NULL), + OBSOLETE("TLSECGroup"), V(TrackHostExits, CSV, NULL), V(TrackHostExitsExpire, INTERVAL, "30 minutes"), V(TransListenAddress, LINELIST, NULL), @@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = { "a wide variety of application-level attacks." }, { "ClientDNSRejectInternalAddresses", "Turning this on makes your client " "easier to fingerprint, and may open you to esoteric attacks." }, - { "TLSECGroup", "The default is a nice secure choice; the other option " - "is less secure." }, { "ControlListenAddress", "Use ControlPort instead." }, { "DirListenAddress", "Use DirPort instead, possibly with the " "NoAdvertise sub-option" }, @@ -1537,23 +1535,6 @@ get_effective_bwburst(const or_options_t *options) return (uint32_t)bw; } -/** Return True if any changes from <b>old_options</b> to - * <b>new_options</b> needs us to refresh our TLS context. */ -static int -options_transition_requires_fresh_tls_context(const or_options_t *old_options, - const or_options_t *new_options) -{ - tor_assert(new_options); - - if (!old_options) - return 0; - - if (!opt_streq(old_options->TLSECGroup, new_options->TLSECGroup)) - return 1; - - return 0; -} - /** * Return true if changing the configuration from <b>old</b> to <b>new</b> * affects the guard susbsystem. @@ -1772,13 +1753,6 @@ options_act(const or_options_t *old_options) log_warn(LD_BUG,"Error initializing keys; exiting"); return -1; } - } else if (old_options && - options_transition_requires_fresh_tls_context(old_options, - options)) { - if (router_initialize_tls_context() < 0) { - log_warn(LD_BUG,"Error initializing TLS context."); - return -1; - } } /* Write our PID to the PID file. If we do not have write permissions we @@ -3140,15 +3114,6 @@ options_validate(or_options_t *old_options, or_options_t *options, } } - if (options->TLSECGroup && (strcasecmp(options->TLSECGroup, "P256") && - strcasecmp(options->TLSECGroup, "P224"))) { - COMPLAIN("Unrecognized TLSECGroup: Falling back to the default."); - tor_free(options->TLSECGroup); - } - if (!evaluate_ecgroup_for_tls(options->TLSECGroup)) { - REJECT("Unsupported TLSECGroup."); - } - if (options->ExcludeNodes && options->StrictNodes) { COMPLAIN("You have asked to exclude certain relays from all positions " "in your circuits. Expect hidden services and other Tor " |