diff options
| author | Roger Dingledine <arma@torproject.org> | 2013-03-10 16:28:28 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2013-03-10 23:38:18 -0400 |
| commit | 0196647970a91d2bdb052f38b3749dd0e99348e4 (patch) | |
| tree | d0d3d2632d093926d960b267e5322561700a1650 /src/or/router.c | |
| parent | edd6f02273c58bfe39a978dd5c7b8765aae0b886 (diff) | |
| download | tor-0196647970a91d2bdb052f38b3749dd0e99348e4.tar.gz tor-0196647970a91d2bdb052f38b3749dd0e99348e4.zip | |
start part-way through the ssl cert lifetime
also, snap the start time and end time to a day boundary, since most
certs in the wild seem to do this.
Diffstat (limited to 'src/or/router.c')
| -rw-r--r-- | src/or/router.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/or/router.c b/src/or/router.c index 211366351b..422fe5db2e 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -660,8 +660,18 @@ router_initialize_tls_context(void) flags |= TOR_TLS_CTX_USE_ECDHE_P224; } if (!lifetime) { /* we should guess a good ssl cert lifetime */ - /* choose between 1 and 365 days */ - lifetime = 1*24*3600 + crypto_rand_int(364*24*3600); + + /* choose between 5 and 365 days, and round to the day */ + lifetime = 5*24*3600 + crypto_rand_int(361*24*3600); + lifetime -= lifetime % (24*3600); + + if (crypto_rand_int(2)) { + /* Half the time we expire at midnight, and half the time we expire + * one second before midnight. (Some CAs wobble their expiry times a + * bit in practice, perhaps to reduce collision attacks; see ticket + * 8443 for details about observed certs in the wild.) */ + lifetime--; + } } /* It's ok to pass lifetime in as an unsigned int, since |