author | Nick Mathewson <nickm@torproject.org> | 2007-09-11 20:17:22 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2007-09-11 20:17:22 +0000 |
commit | 973502d2905ab4119b1c559295cff62504ada97b (patch) | |
tree | 7b26c9ffbfef215d1cbec48d9984ed348b256711 /src/or/main.c | |
parent | 3c7652ccdbb352351b92c2d00106646e01c87cb6 (diff) | |
r15046@catbus: nickm | 2007-09-11 13:38:36 -0400
Check V3 authority certificates for expiry, and warn the authority op as they get old.
svn:r11427
Diffstat (limited to 'src/or/main.c')
-rw-r--r-- | src/or/main.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/or/main.c b/src/or/main.c
index e6e45ecb97..aec50fbeae 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -807,7 +807,9 @@ run_connection_housekeeping(int i, time_t now)
 static void
 run_scheduled_events(time_t now)
 {
- static time_t last_rotated_certificate = 0;
+ static time_t last_rotated_x509_certificate = 0;
+ static time_t time_to_check_v3_certificate = 0;
+#define CHECK_V3_CERTIFICATE_INTERVAL (5*60)
 static time_t time_to_check_listeners = 0;
 static time_t time_to_check_descriptor = 0;
 static time_t time_to_check_ipaddress = 0;
@@ -873,16 +875,16 @@ run_scheduled_events(time_t now)
 }
 
 /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
- if (!last_rotated_certificate)
- last_rotated_certificate = now;
- if (last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) {
+ if (!last_rotated_x509_certificate)
+ last_rotated_x509_certificate = now;
+ if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
 log_info(LD_GENERAL,"Rotating tls context.");
 if (tor_tls_context_new(get_identity_key(), options->Nickname,
 MAX_SSL_KEY_LIFETIME) < 0) {
 log_warn(LD_BUG, "Error reinitializing TLS context");
 /* XXX is it a bug here, that we just keep going? */
 }
- last_rotated_certificate = now;
+ last_rotated_x509_certificate = now;
 /* XXXX We should rotate TLS connections as well; this code doesn't change
 * them at all. */
 }
@@ -921,6 +923,12 @@ run_scheduled_events(time_t now)
 }
 }
 
+ /* 1e. DOCDOC */
+ if (time_to_check_v3_certificate < now) {
+ v3_authority_check_key_expiry();
+ time_to_check_v3_certificate = now + CHECK_V3_CERTIFICATE_INTERVAL;
+ }
+
 /** 2. Periodically, we consider getting a new directory, getting a
 * new running-routers list, and/or force-uploading our descriptor
 * (if we've passed our internal checks). */ |
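Review bot: `CHECK_V3_CERTIFICATE_INTERVAL` is introduced in the first hunk between the static declarations with no comment giving its unit or purpose, and as a `#define` placed inside the function it stays visible for the rest of the file. A one-line comment above it, such as `/** How often (in seconds) do we check our v3 authority certificate for expiry? */`, would make the five-minute cadence explicit next to the timer it governs. The body of run_scheduled_events continues outside the hunk.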
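Review bot: The new step 1e in the third hunk is documented only by the `DOCDOC` placeholder, so a reader cannot tell what is checked or who gets warned; a comment like `/** 1e. Every CHECK_V3_CERTIFICATE_INTERVAL seconds, check whether our v3 authority certificate is nearing expiry, and warn the operator if so. */` would match the commit message and the numbered comments around it. The call to `v3_authority_check_key_expiry()` is not guarded by any authority-mode test here, so it presumably relies on the callee returning early on non-authorities; the callee is not shown, so that should be confirmed or stated in the comment. Since the gate is `time_to_check_v3_certificate < now`, a backward clock step leaves the stored deadline in the future and the expiry warning stays silent until the clock catches up, which is worth a note for operators who depend on it. The enclosing function starts and ends outside the hunk.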