diff options
| author | Robert Ransom <rransom.8774@gmail.com> | 2010-10-03 18:14:08 -0700 |
|---|---|---|
| committer | Robert Ransom <rransom.8774@gmail.com> | 2010-10-04 21:51:47 -0700 |
| commit | 17efbe031d4b96d872b2e0bdf3785b232f49bf44 (patch) | |
| tree | 05ccd03ad8e8ad788bec0304f6d3be902f196e76 /src/or | |
| parent | d3879dbd16ccc7b6bc8393f92343f8669f8e0dc4 (diff) | |
| download | tor-17efbe031d4b96d872b2e0bdf3785b232f49bf44.tar tor-17efbe031d4b96d872b2e0bdf3785b232f49bf44.tar.gz | |
Maintain separate server and client TLS contexts.
Fixes bug #988.
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/main.c | 10 | ||||
| -rw-r--r-- | src/or/router.c | 12 |
2 files changed, 16 insertions, 6 deletions
diff --git a/src/or/main.c b/src/or/main.c index 5091e2072..01c27f0ef 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -875,6 +875,7 @@ run_scheduled_events(time_t now) static int should_init_bridge_stats = 1; static time_t time_to_retry_dns_init = 0; or_options_t *options = get_options(); + int is_server = server_mode(options); int i; int have_dir_info; @@ -896,7 +897,7 @@ run_scheduled_events(time_t now) * shut down and restart all cpuworkers, and update the directory if * necessary. */ - if (server_mode(options) && + if (is_server && get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) { log_info(LD_GENERAL,"Rotating onion key."); rotate_onion_key(); @@ -930,7 +931,10 @@ run_scheduled_events(time_t now) last_rotated_x509_certificate = now; if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { log_info(LD_GENERAL,"Rotating tls context."); - if (tor_tls_context_init(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_init(public_server_mode(options), + get_identity_key(), + is_server ? get_identity_key() : NULL, + MAX_SSL_KEY_LIFETIME) < 0) { log_warn(LD_BUG, "Error reinitializing TLS context"); /* XXX is it a bug here, that we just keep going? -RD */ } @@ -1213,7 +1217,7 @@ run_scheduled_events(time_t now) /** 9. and if we're a server, check whether our DNS is telling stories to * us. */ - if (server_mode(options) && time_to_check_for_correct_dns < now) { + if (is_server && time_to_check_for_correct_dns < now) { if (!time_to_check_for_correct_dns) { time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120); } else { diff --git a/src/or/router.c b/src/or/router.c index bde6e25a7..c59e4b2ca 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -471,8 +471,11 @@ init_keys(void) return -1; } set_identity_key(prkey); - /* Create a TLS context; default the client nickname to "client". */ - if (tor_tls_context_init(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { + /* Create a TLS context. */ + if (tor_tls_context_init(0, + get_identity_key(), + NULL, + MAX_SSL_KEY_LIFETIME) < 0) { log_err(LD_GENERAL,"Error creating TLS context for Tor client."); return -1; } @@ -550,7 +553,10 @@ init_keys(void) tor_free(keydir); /* 3. Initialize link key and TLS context. */ - if (tor_tls_context_init(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_init(public_server_mode(options), + get_identity_key(), + get_identity_key(), + MAX_SSL_KEY_LIFETIME) < 0) { log_err(LD_GENERAL,"Error initializing TLS context"); return -1; } |