diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:33:38 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-31 18:45:35 -0400 |
| commit | a9be768959c189846178723d5fe44d3b59b0d983 (patch) | |
| tree | 34a4e674f22dd522d339b6c064b075f7db75cd29 /src/or/routerkeys.h | |
| parent | 5b33d95a3dfe943625d78983bb53be2901a51150 (diff) | |
| download | tor-a9be768959c189846178723d5fe44d3b59b0d983.tar.gz tor-a9be768959c189846178723d5fe44d3b59b0d983.zip | |
Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it. Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate. In both cases, the resulting
inconsistency would make other relays reject our link handshakes.
Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
Diffstat (limited to 'src/or/routerkeys.h')
| -rw-r--r-- | src/or/routerkeys.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h index d2027f4bbe..845abb4c70 100644 --- a/src/or/routerkeys.h +++ b/src/or/routerkeys.h @@ -66,7 +66,7 @@ MOCK_DECL(int, check_tap_onion_key_crosscert,(const uint8_t *crosscert, int load_ed_keys(const or_options_t *options, time_t now); int should_make_new_ed_keys(const or_options_t *options, const time_t now); -int generate_ed_link_cert(const or_options_t *options, time_t now); +int generate_ed_link_cert(const or_options_t *options, time_t now, int force); int read_encrypted_secret_key(ed25519_secret_key_t *out, const char *fname); |