diff options
| author | Roger Dingledine <arma@torproject.org> | 2011-09-13 18:24:45 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2011-09-13 18:24:45 -0400 |
| commit | 62ec584a3014b9b9333dcc6feb4989d1592d6d26 (patch) | |
| tree | abba517b55ab5990fc0b05ff2fb76d5e9bc85f87 /src/or/main.c | |
| parent | c75ee94ab41e3a76e8159366defe3159614b497c (diff) | |
| download | tor-62ec584a3014b9b9333dcc6feb4989d1592d6d26.tar tor-62ec584a3014b9b9333dcc6feb4989d1592d6d26.tar.gz | |
Generate our ssl session certs with a plausible lifetime
Nobody but Tor uses certs on the wire with 2 hour lifetimes,
and it makes us stand out. Resolves ticket 4014.
Diffstat (limited to 'src/or/main.c')
| -rw-r--r-- | src/or/main.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/or/main.c b/src/or/main.c index e44fd4946..3c879dcd0 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -866,12 +866,14 @@ run_scheduled_events(time_t now) now + DESCRIPTOR_FAILURE_RESET_INTERVAL; } - /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */ + /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our + * TLS context. */ if (!last_rotated_x509_certificate) last_rotated_x509_certificate = now; - if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { + if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) { log_info(LD_GENERAL,"Rotating tls context."); - if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_new(get_identity_key(), + MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_warn(LD_BUG, "Error reinitializing TLS context"); /* XXX is it a bug here, that we just keep going? -RD */ } |