diff options
| -rw-r--r-- | doc/TODO | 2 | ||||
| -rw-r--r-- | src/or/main.c | 18 | ||||
| -rw-r--r-- | src/or/or.h | 2 | ||||
| -rw-r--r-- | src/or/router.c | 49 |
4 files changed, 64 insertions, 7 deletions
@@ -69,7 +69,7 @@ Things we'd like to do in 0.2.0.x: o Don't count votes with a different valid-after when generating the same consensus. - Dump certificates with the wrong time. Or just warn? - - Warn authority ops when their certs are nearly invalid. + o Warn authority ops when their certs are nearly invalid. - When checking a consensus, make sure that its times are plausible. o Add a function that will eventually tell us about our clock skew. For now, just require that authorities not be skewed. diff --git a/src/or/main.c b/src/or/main.c index e6e45ecb9..aec50fbea 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -807,7 +807,9 @@ run_connection_housekeeping(int i, time_t now) static void run_scheduled_events(time_t now) { - static time_t last_rotated_certificate = 0; + static time_t last_rotated_x509_certificate = 0; + static time_t time_to_check_v3_certificate = 0; +#define CHECK_V3_CERTIFICATE_INTERVAL (5*60) static time_t time_to_check_listeners = 0; static time_t time_to_check_descriptor = 0; static time_t time_to_check_ipaddress = 0; @@ -873,16 +875,16 @@ run_scheduled_events(time_t now) } /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */ - if (!last_rotated_certificate) - last_rotated_certificate = now; - if (last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) { + if (!last_rotated_x509_certificate) + last_rotated_x509_certificate = now; + if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { log_info(LD_GENERAL,"Rotating tls context."); if (tor_tls_context_new(get_identity_key(), options->Nickname, MAX_SSL_KEY_LIFETIME) < 0) { log_warn(LD_BUG, "Error reinitializing TLS context"); /* XXX is it a bug here, that we just keep going? */ } - last_rotated_certificate = now; + last_rotated_x509_certificate = now; /* XXXX We should rotate TLS connections as well; this code doesn't change * them at all. */ } @@ -921,6 +923,12 @@ run_scheduled_events(time_t now) } } + /* 1e. DOCDOC */ + if (time_to_check_v3_certificate < now) { + v3_authority_check_key_expiry(); + time_to_check_v3_certificate = now + CHECK_V3_CERTIFICATE_INTERVAL; + } + /** 2. Periodically, we consider getting a new directory, getting a * new running-routers list, and/or force-uploading our descriptor * (if we've passed our internal checks). */ diff --git a/src/or/or.h b/src/or/or.h index c1d879bbe..2f1e1b0fa 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3340,6 +3340,8 @@ void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last); void rotate_onion_key(void); crypto_pk_env_t *init_key_from_file(const char *fname, int generate, int severity); +void v3_authority_check_key_expiry(void); + int init_keys(void); int check_whether_orport_reachable(void); diff --git a/src/or/router.c b/src/or/router.c index 6cfd47fbc..3420674fe 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -259,7 +259,7 @@ init_key_from_file(const char *fname, int generate, int severity) /** Load the v3 (voting) authority signing key and certificate from * <b>keydir</b>, if they are present. */ -/* XXXX020 maybe move to dirserv.c */ +/* XXXX020 maybe move to dirserv.c or dirvote.c */ static void init_v3_authority_keys(const char *keydir) { @@ -299,6 +299,8 @@ init_v3_authority_keys(const char *keydir) parsed->cache_info.signed_descriptor_len = eos-cert; cert = NULL; + /* Free old values! XXXX020 */ + authority_key_certificate = parsed; authority_signing_key = signing_key; parsed = NULL; @@ -313,6 +315,51 @@ init_v3_authority_keys(const char *keydir) authority_cert_free(parsed); } +/* DOCDOC */ +void +v3_authority_check_key_expiry(void) +{ + time_t now, expires; + static time_t last_warned = 0; + int badness, time_left, warn_interval; + if (!authdir_mode_v3(get_options()) || !authority_key_certificate) + return; + + now = time(NULL); + expires = authority_key_certificate->expires; + time_left = expires - now; + if (time_left <= 0) { + badness = LOG_ERR; + warn_interval = 60*60; + } else if (time_left <= 24*60*60) { + badness = LOG_WARN; + warn_interval = 60*60; + } else if (time_left <= 24*60*60*7) { + badness = LOG_WARN; + warn_interval = 24*60*60; + } else if (time_left <= 24*60*60*30) { + badness = LOG_WARN; + warn_interval = 24*60*60*5; + } else { + return; + } + + if (last_warned + warn_interval > now) + return; + + if (time_left <= 0) { + log(badness, LD_DIR, "Your v3 authority certificate has expired." + " Generate a new one NOW."); + } else if (time_left <= 24*60*60) { + log(badness, LD_DIR, "Your v3 authority certificate expires in %d hours;" + " Generate a new one NOW.", time_left/(60*60)); + } else { + log(badness, LD_DIR, "Your v3 authority certificate expires in %d days;" + " Generate a new one soon.", time_left/(24*60*60)); + } + last_warned = now; +} + /** Initialize all OR private keys, and the TLS context, as necessary. * On OPs, this only initializes the tls context. Return 0 on success, * or -1 if Tor should die. |