From 62ec584a3014b9b9333dcc6feb4989d1592d6d26 Mon Sep 17 00:00:00 2001
From: Roger Dingledine <arma@torproject.org>
Date: Tue, 13 Sep 2011 18:24:45 -0400
Subject: Generate our ssl session certs with a plausible lifetime

Nobody but Tor uses certs on the wire with 2 hour lifetimes,
and it makes us stand out. Resolves ticket 4014.
---
 src/or/or.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/or/or.h')

diff --git a/src/or/or.h b/src/or/or.h
index 976ba9f8e5..0f5b2bb17b 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -166,7 +166,9 @@
 /** How often do we rotate onion keys? */
 #define MIN_ONION_KEY_LIFETIME (7*24*60*60)
 /** How often do we rotate TLS contexts? */
-#define MAX_SSL_KEY_LIFETIME (2*60*60)
+#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
+/** What expiry time shall we place on our SSL certs? */
+#define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60)
 
 /** How old do we allow a router to get before removing it
  * from the router list? In seconds. */
-- 
cgit v1.2.3-54-g00ecf