author | George Kadianakis <desnacked@gmail.com> | 2011-11-23 23:39:46 +0100 |
---|---|---|
committer | George Kadianakis <desnacked@gmail.com> | 2011-11-24 22:13:38 +0100 |
commit | 42bda231ee10db0136cf2ffb56a38ce290891794 (patch) | |
tree | f2bc195fa44916041367be18a1c809b085f5a9e0 /src/or | |
parent | 21babd152e2669d446610be6e343db667397dde4 (diff) | |
download | tor-42bda231ee10db0136cf2ffb56a38ce290891794.tar.gz tor-42bda231ee10db0136cf2ffb56a38ce290891794.zip |
Make DynamicPrimes SIGHUP-able.
Instead of passing the DynamicPrimes configuration option to
crypto_global_init(), generate and set a new TLS DH prime when we read
the torrc.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/config.c | 17 | ||||
-rw-r--r-- | src/or/main.c | 3 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c index 4766b24196..a113f7b2da 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1362,6 +1362,23 @@ options_act(const or_options_t *old_options) finish_daemon(options->DataDirectory); } + /* If needed, generate a new TLS DH prime according to the current torrc. */ + if (!old_options) { + if (options->DynamicPrimes) { + crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime()); + } else { + crypto_set_tls_dh_prime(0, NULL); + } + } else { + if (options->DynamicPrimes && !old_options->DynamicPrimes) { + crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime()); + } else if (!options->DynamicPrimes && old_options->DynamicPrimes) { + crypto_set_tlS_dh_prime(0, NULL); + } else { + tor_assert(crypto_get_tls_dh_prime); + } + } + /* We want to reinit keys as needed before we do much of anything else: keys are important, and other things can depend on them. */ if (transition_affects_workers || diff --git a/src/or/main.c b/src/or/main.c index 3c75e1c645..0d2127d336 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2275,8 +2275,7 @@ tor_init(int argc, char *argv[]) if (crypto_global_init(get_options()->HardwareAccel, get_options()->AccelName, - get_options()->AccelDir, - get_options()->DynamicPrimes)) { + get_options()->AccelDir) { log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting."); return -1; } |
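Review bot: In the reload branch of the options_act hunk, `crypto_set_tlS_dh_prime(0, NULL);` is misspelled with a capital S, so the path that turns DynamicPrimes off on SIGHUP names an undeclared function and will fail to build or link; it should read `crypto_set_tls_dh_prime(0, NULL);`. The final `tor_assert(crypto_get_tls_dh_prime);` names the function without calling it, so it tests a function address that is always non-null and never checks that a TLS DH prime is set. If the getter takes no arguments, `tor_assert(crypto_get_tls_dh_prime());` is presumably what was meant. A short comment on what a NULL return from `router_get_stored_dynamic_prime()` means for the `crypto_set_tls_dh_prime(1, ...)` calls would also help, since that contract is not visible here. The body of options_act starts and ends outside the hunk.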
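Review bot: In the tor_init hunk, the new line `get_options()->AccelDir) {` closes only the `crypto_global_init(` call and leaves the enclosing `if (` unbalanced; the removed `get_options()->DynamicPrimes)) {` carried both closing parentheses. It should be `get_options()->AccelDir)) {`. Because the DH prime is no longer set inside crypto_global_init(), it is worth confirming that no TLS context is built between this call and the first options_act() run. That ordering cannot be seen from this hunk. The body of tor_init continues outside the hunk.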