start part-way through the ssl cert lifetime

also, snap the start time and end time to a day boundary, since most certs in the wild seem to do this.
author: Roger Dingledine <arma@torproject.org> 2013-03-10 16:28:28 -0400
committer: Roger Dingledine <arma@torproject.org> 2013-03-10 23:38:18 -0400
commit: 0196647970a91d2bdb052f38b3749dd0e99348e4 (patch)
tree: d0d3d2632d093926d960b267e5322561700a1650 /src/or
parent: edd6f02273c58bfe39a978dd5c7b8765aae0b886 (diff)
download: tor-0196647970a91d2bdb052f38b3749dd0e99348e4.tar
tor-0196647970a91d2bdb052f38b3749dd0e99348e4.tar.gz
1 files changed, 12 insertions, 2 deletions
diff --git a/src/or/router.c b/src/or/router.c
index 211366351..422fe5db2 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -660,8 +660,18 @@ router_initialize_tls_context(void)
       flags |= TOR_TLS_CTX_USE_ECDHE_P224;
   }
   if (!lifetime) { /* we should guess a good ssl cert lifetime */
-    /* choose between 1 and 365 days */
-    lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
+
+    /* choose between 5 and 365 days, and round to the day */
+    lifetime = 5*24*3600 + crypto_rand_int(361*24*3600);
+    lifetime -= lifetime % (24*3600);
+
+    if (crypto_rand_int(2)) {
+      /* Half the time we expire at midnight, and half the time we expire
+       * one second before midnight. (Some CAs wobble their expiry times a
+       * bit in practice, perhaps to reduce collision attacks; see ticket
+       * 8443 for details about observed certs in the wild.) */
+      lifetime--;
+    }
   }
 
   /* It's ok to pass lifetime in as an unsigned int, since
author	Roger Dingledine <arma@torproject.org>	2013-03-10 16:28:28 -0400
committer	Roger Dingledine <arma@torproject.org>	2013-03-10 23:38:18 -0400
commit	0196647970a91d2bdb052f38b3749dd0e99348e4 (patch)
tree	d0d3d2632d093926d960b267e5322561700a1650 /src/or
parent	edd6f02273c58bfe39a978dd5c7b8765aae0b886 (diff)
download	tor-0196647970a91d2bdb052f38b3749dd0e99348e4.tar tor-0196647970a91d2bdb052f38b3749dd0e99348e4.tar.gz