authorGeorge Kadianakis <desnacked@gmail.com>2011-11-23 23:39:46 +0100
committerGeorge Kadianakis <desnacked@gmail.com>2011-11-24 22:13:38 +0100
commit42bda231ee10db0136cf2ffb56a38ce290891794 (patch)
treef2bc195fa44916041367be18a1c809b085f5a9e0 /src/or
parent21babd152e2669d446610be6e343db667397dde4 (diff)
Make DynamicPrimes SIGHUP-able.
Instead of passing the DynamicPrimes configuration option to crypto_global_init(), generate and set a new TLS DH prime when we read the torrc.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c17
-rw-r--r--src/or/main.c3
2 files changed, 18 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 4766b24196..a113f7b2da 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1362,6 +1362,23 @@ options_act(const or_options_t *old_options)
finish_daemon(options->DataDirectory);
}
+ /* If needed, generate a new TLS DH prime according to the current torrc. */
+ if (!old_options) {
+ if (options->DynamicPrimes) {
+ crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ } else {
+ crypto_set_tls_dh_prime(0, NULL);
+ }
+ } else {
+ if (options->DynamicPrimes && !old_options->DynamicPrimes) {
+ crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ } else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
+ crypto_set_tlS_dh_prime(0, NULL);
+ } else {
+ tor_assert(crypto_get_tls_dh_prime);
+ }
+ }
+
/* We want to reinit keys as needed before we do much of anything else:
keys are important, and other things can depend on them. */
if (transition_affects_workers ||
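Review bot: The branch that turns DynamicPrimes off on reload calls `crypto_set_tlS_dh_prime(0, NULL);` with a capital `S`, which does not match the `crypto_set_tls_dh_prime` used in the other three branches. It will either fail to build or resolve to an undeclared symbol, so it should read `crypto_set_tls_dh_prime(0, NULL);`. In the final `else`, `tor_assert(crypto_get_tls_dh_prime);` tests the function's address, which is never NULL, so the assertion cannot fire and does not verify that a TLS DH prime is actually set. A call was presumably intended, e.g. `tor_assert(crypto_get_tls_dh_prime());` if that accessor takes no arguments. options_act() starts and ends outside this hunk, so whether the prime is installed before the TLS context is first built cannot be confirmed from here.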
diff --git a/src/or/main.c b/src/or/main.c
index 3c75e1c645..0d2127d336 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2275,8 +2275,7 @@ tor_init(int argc, char *argv[])
if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName,
- get_options()->AccelDir,
- get_options()->DynamicPrimes)) {
+ get_options()->AccelDir) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1;
}
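Review bot: The replacement line `get_options()->AccelDir) {` closes only the crypto_global_init() call and leaves the enclosing `if (` unbalanced. The removed line ended in `))`, so the new one should be `get_options()->AccelDir)) {`. The diffstat is limited to src/or, so the matching three-argument prototype for crypto_global_init() is not visible here and should be checked against this call. tor_init() continues outside the hunk.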