author | Robert Ransom <rransom.8774@gmail.com> | 2010-10-03 18:14:08 -0700 |
---|---|---|
committer | Sebastian Hahn <sebastian@torproject.org> | 2011-10-26 14:13:55 +0200 |
commit | 9976df9e5619b89339390c322138f7228b8fa715 (patch) | |
tree | c27f98930644472c31fa1f71b8d841b662eeecba /src/or | |
parent | 878164011108c16574d6ce1d9530fe83a3109bad (diff) | |
Maintain separate server and client TLS contexts.
Fixes bug #988.
Conflicts:
src/or/main.c
src/or/router.c
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/main.c | 10 | ||||
-rw-r--r-- | src/or/router.c | 13 |
2 files changed, 16 insertions, 7 deletions
diff --git a/src/or/main.c b/src/or/main.c
index fe1f42ece3..00fce80024 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -816,6 +816,7 @@ run_scheduled_events(time_t now)
 static time_t time_to_dump_geoip_stats = 0;
 static time_t time_to_retry_dns_init = 0;
 or_options_t *options = get_options();
+ int is_server = server_mode(options);
 int i;
 int have_dir_info;
@@ -837,7 +838,7 @@ run_scheduled_events(time_t now)
 * shut down and restart all cpuworkers, and update the directory if
 * necessary.
 */
- if (server_mode(options) &&
+ if (is_server &&
 get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) {
 log_info(LD_GENERAL,"Rotating onion key.");
 rotate_onion_key();
@@ -872,7 +873,10 @@ run_scheduled_events(time_t now)
 last_rotated_x509_certificate = now;
 if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
 log_info(LD_GENERAL,"Rotating tls context.");
- if (tor_tls_context_init(get_identity_key(), MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
+ if (tor_tls_context_init(public_server_mode(options),
+ get_identity_key(),
+ is_server ? get_identity_key() : NULL,
+ MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 log_warn(LD_BUG, "Error reinitializing TLS context");
 /* XXX is it a bug here, that we just keep going? -RD */
 }
@@ -1110,7 +1114,7 @@ run_scheduled_events(time_t now)
 /** 9. and if we're a server, check whether our DNS is telling stories to
 * us. */
- if (server_mode(options) && time_to_check_for_correct_dns < now) {
+ if (is_server && time_to_check_for_correct_dns < now) {
 if (!time_to_check_for_correct_dns) {
 time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120);
 } else {
diff --git a/src/or/router.c b/src/or/router.c
index 9afa983bc3..dce2ad6018 100644
--- a/src/or/router.c
+++ b/src/or/router.c
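Review bot: When `is_server` is true, the new `tor_tls_context_init()` call in the rotation branch passes `get_identity_key()` in both the second and third positions, and the second call in init_keys() in src/or/router.c does the same unconditionally. The signature is not part of this diff, but if those positions are the client and server identity keys, the client-side context is still built from the relay's long-term identity key, which deserves a comment in a commit whose purpose is to separate the two contexts, for example `/* Both contexts are keyed from the identity key; the client side gets no key of its own. */`. The failure path is also unchanged: `Error reinitializing TLS context` is logged and execution continues, and with two contexts it cannot be seen from here whether a failed call leaves the old pair, the new pair, or one of each, so the XXX comment should state which. run_scheduled_events() begins and ends outside the hunk.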
@@ -457,8 +457,11 @@ init_keys(void)
 return -1;
 }
 set_identity_key(prkey);
- /* Create a TLS context; default the client nickname to "client". */
- if (tor_tls_context_init(get_identity_key(), MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
+ /* Create a TLS context. */
+ if (tor_tls_context_init(0,
+ get_identity_key(),
+ NULL,
+ MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
 return -1;
 }
@@ -536,8 +539,10 @@ init_keys(void)
 tor_free(keydir);
 /* 3. Initialize link key and TLS context. */
- if (tor_tls_context_init(public_server_mode(options),
+ get_identity_key(),
+ get_identity_key(),
+ MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 log_err(LD_GENERAL,"Error initializing TLS context");
 return -1;
 } |
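Review bot: The first `tor_tls_context_init(0, get_identity_key(), NULL, ...)` call in init_keys() passes a bare `0` and `NULL` whose meaning cannot be read at the call site, and the shortened comment no longer says that this is the client-only path. Judging from the other two call sites, the first argument is the public-server flag and the third the server identity key, so I would write the comment as `/* Create a client-only TLS context: not a public server, no server identity key. */`. The signature of tor_tls_context_init() is not in this diff, so the argument roles should be confirmed against it. init_keys() starts and ends outside the hunk.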
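Review bot: The four-argument `tor_tls_context_init()` call is now written out three times (twice in init_keys(), once in run_scheduled_events() in src/or/main.c), with the third argument decided differently each time: `NULL`, `get_identity_key()`, and `is_server ? get_identity_key() : NULL`. Initialisation and rotation have to agree on which context carries which key, so I would move that decision into one helper in router.c and call it from all three sites, as sketched below (the helper name is only a suggestion). This assumes the first init_keys() call is reached only when not running as a server, which its error message suggests but the hunk does not show. init_keys() starts and ends outside the hunk.

```c
/* Build or rebuild the TLS contexts from the current options, so that
 * init_keys() and the periodic rotation cannot drift apart. */
int
router_initialize_tls_context(void)
{
  or_options_t *options = get_options();
  return tor_tls_context_init(public_server_mode(options),
                              get_identity_key(),
                              server_mode(options) ? get_identity_key() : NULL,
                              MAX_SSL_KEY_LIFETIME_ADVERTISED);
}

/* ... unchanged: tor_free(keydir) and the "3. Initialize link key" comment ... */
  if (router_initialize_tls_context() < 0) {
    /* ... unchanged: log_err and return -1 ... */
```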