aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c17
-rw-r--r--src/or/main.c3
2 files changed, 18 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 4766b2419..a113f7b2d 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1362,6 +1362,23 @@ options_act(const or_options_t *old_options)
finish_daemon(options->DataDirectory);
}
+ /* If needed, generate a new TLS DH prime according to the current torrc. */
+ if (!old_options) {
+ if (options->DynamicPrimes) {
+ crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ } else {
+ crypto_set_tls_dh_prime(0, NULL);
+ }
+ } else {
+ if (options->DynamicPrimes && !old_options->DynamicPrimes) {
+ crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ } else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
+ crypto_set_tlS_dh_prime(0, NULL);
+ } else {
+ tor_assert(crypto_get_tls_dh_prime);
+ }
+ }
+
/* We want to reinit keys as needed before we do much of anything else:
keys are important, and other things can depend on them. */
if (transition_affects_workers ||
diff --git a/src/or/main.c b/src/or/main.c
index 3c75e1c64..0d2127d33 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2275,8 +2275,7 @@ tor_init(int argc, char *argv[])
if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName,
- get_options()->AccelDir,
- get_options()->DynamicPrimes)) {
+ get_options()->AccelDir) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1;
}
generated by cgit v1.2.3 (git 2.45.0) at 2024-12-02 20:49:37 +0000