diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:33:38 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:45:35 -0400 |
| commit | a9be768959c189846178723d5fe44d3b59b0d983 (patch) | |
| tree | 34a4e674f22dd522d339b6c064b075f7db75cd29 /src/or/router.c | |
| parent | 5b33d95a3dfe943625d78983bb53be2901a51150 (diff) | |
| download | tor-a9be768959c189846178723d5fe44d3b59b0d983.tar.gz tor-a9be768959c189846178723d5fe44d3b59b0d983.zip | |
Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it. Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate. In both cases, the resulting
inconsistency would make other relays reject our link handshakes.
Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
Diffstat (limited to 'src/or/router.c')
| -rw-r--r-- | src/or/router.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/or/router.c b/src/or/router.c index e4fa72a283..f6b03cde27 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -906,7 +906,8 @@ init_keys(void) } /* 1d. Load all ed25519 keys */ - if (load_ed_keys(options,now) < 0) + const int new_signing_key = load_ed_keys(options,now); + if (new_signing_key < 0) return -1; /* 2. Read onion key. Make it if none is found. */ @@ -976,7 +977,7 @@ init_keys(void) /* 3b. Get an ed25519 link certificate. Note that we need to do this * after we set up the TLS context */ - if (generate_ed_link_cert(options, now) < 0) { + if (generate_ed_link_cert(options, now, new_signing_key > 0) < 0) { log_err(LD_GENERAL,"Couldn't make link cert"); return -1; } |