author | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:33:38 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:45:35 -0400 |
commit | a9be768959c189846178723d5fe44d3b59b0d983 (patch) | |
tree | 34a4e674f22dd522d339b6c064b075f7db75cd29 /src/or/main.c | |
parent | 5b33d95a3dfe943625d78983bb53be2901a51150 (diff) | |
Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it. Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate. In both cases, the resulting
inconsistency would make other relays reject our link handshakes.
Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
Diffstat (limited to 'src/or/main.c')
-rw-r--r-- | src/or/main.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/or/main.c b/src/or/main.c
index bc7b3db2b9..3139381f30 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1506,8 +1506,9 @@ check_ed_keys_callback(time_t now, const or_options_t *options)
 {
 if (server_mode(options)) {
 if (should_make_new_ed_keys(options, now)) {
- if (load_ed_keys(options, now) < 0 ||
- generate_ed_link_cert(options, now)) {
+ int new_signing_key = load_ed_keys(options, now);
+ if (new_signing_key < 0 ||
+ generate_ed_link_cert(options, now, new_signing_key > 0)) {
 log_err(LD_OR, "Unable to update Ed25519 keys! Exiting.");
 tor_cleanup();
 exit(0);
@@ -1559,6 +1560,11 @@ rotate_x509_certificate_callback(time_t now, const or_options_t *options)
 log_err(LD_BUG, "Error reinitializing TLS context");
 tor_assert_unreached();
 }
+ if (generate_ed_link_cert(options, now, 1)) {
+ log_err(LD_OR, "Unable to update Ed25519->TLS link certificate for "
+ "new TLS context.");
+ tor_assert_unreached();
+ }
 /* We also make sure to rotate the TLS connections themselves if they've
 * been up for too long -- but that's done via is_bad_for_new_circs in
@@ -2298,8 +2304,9 @@ do_hup(void)
 /* Maybe we've been given a new ed25519 key or certificate? */
 time_t now = approx_time();
- if (load_ed_keys(options, now) < 0 ||
- generate_ed_link_cert(options, now)) {
+ int new_signing_key = load_ed_keys(options, now);
+ if (new_signing_key < 0 ||
+ generate_ed_link_cert(options, now, new_signing_key > 0)) {
 log_warn(LD_OR, "Problem reloading Ed25519 keys; still using old keys.");
 }
@@ -3627,7 +3634,7 @@ tor_main(int argc, char *argv[])
 result = do_main_loop();
 break;
 case CMD_KEYGEN:
- result = load_ed_keys(get_options(), time(NULL));
+ result = load_ed_keys(get_options(), time(NULL)) < 0;
 break;
 case CMD_LIST_FINGERPRINT:
 result = do_list_fingerprint();
|
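Review bot: The new `new_signing_key > 0` argument in check_ed_keys_callback depends on load_ed_keys() returning three distinct states, and nothing in the hunk says so. From the way the value is used it appears to be negative on failure, zero when the signing key is unchanged and positive when it was replaced, but that is inferred from the call sites only. A one-line comment above the call, such as `/* load_ed_keys(): <0 error, 0 signing key unchanged, >0 signing key replaced (link/auth certs must be regenerated) */`, would keep a later cleanup from collapsing the check back to a boolean; the same applies to the identical lines in the do_hup hunk and to the `< 0` comparison in the tor_main hunk. The function body continues past the end of the hunk.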
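Review bot: The added failure path in rotate_x509_certificate_callback relies on `tor_assert_unreached()` to stop the relay, so it is only fail-closed if that macro terminates the process in every build, which the hunk does not show. If it can ever return, the relay keeps running with a new TLS context and a signing->link certificate that does not match it, which is the state the commit message says makes peers reject the handshake. The failure is also logged under `LD_OR` as an operational error while being handled as a can't-happen bug, whereas the check_ed_keys_callback hunk ends the same failure with `tor_cleanup(); exit(0);`. I would either add a comment such as `/* must not continue: the link cert would not match the new TLS context */` or use the explicit cleanup-and-exit sequence here as well. The function starts and ends outside the hunk.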
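Review bot: In do_hup the combined condition logs "still using old keys" for both failures, but when load_ed_keys() returns a positive value and generate_ed_link_cert() then fails, the signing key has presumably already been replaced. The relay would then carry on with a new signing key and certificates signed by the old one, and the log line would tell the operator the opposite. Splitting the two checks lets each failure be reported accurately; whether the second case should be fatal, as it is in check_ed_keys_callback, is a decision for the maintainers. The enclosing block starts before the hunk.

```c
time_t now = approx_time();
int new_signing_key = load_ed_keys(options, now);
if (new_signing_key < 0) {
  log_warn(LD_OR, "Problem reloading Ed25519 keys; still using old keys.");
} else if (generate_ed_link_cert(options, now, new_signing_key > 0)) {
  /* The signing key may already have been replaced at this point, so
   * the "still using old keys" message would be misleading here. */
  log_warn(LD_OR, "Reloaded Ed25519 keys, but could not regenerate the "
           "signing->link certificate.");
}
```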