commit f477ddcc20d5fc8c130b630854947a337881cd23 Author: George Kadianakis desnacked@gmail.com Date: Fri Nov 25 17:44:43 2011 +0100
Only bother with dynamic DH moduli if we are a bridge. --- src/or/config.c | 32 ++++++++++++++++++-------------- 1 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index d403dec..a846ca9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1363,22 +1363,26 @@ options_act(const or_options_t *old_options)
 }
/* If needed, generate a new TLS DH prime according to the current torrc. */
- if (!old_options) {
- if (options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
+ if (server_mode(options) && options->BridgeRelay) {
+ if (!old_options) {
+ if (options->DynamicDHGroups) {
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
+ } else {
+ crypto_set_tls_dh_prime(NULL);
+ }
 } else {
- crypto_set_tls_dh_prime(NULL);
- }
- } else {
- if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
- } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
- crypto_set_tls_dh_prime(NULL);
+ if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
+ } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
+ crypto_set_tls_dh_prime(NULL);
+ }
 }
+ } else { /* clients don't need a dynamic DH prime. */
+ crypto_set_tls_dh_prime(NULL);
 }
/* We want to reinit keys as needed before we do much of anything else:
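Review bot: The reconfiguration branch (`old_options` non-NULL) still compares only `DynamicDHGroups` between the old and new options, so a node that already had `DynamicDHGroups` set and becomes a bridge at runtime matches neither inner condition and keeps the stock prime installed by an earlier pass through the new `else` branch. The operator would then believe the bridge uses its own modulus while it presumably still presents the default one, which looks like the distinguishing handshake property this option is meant to remove. Comparing the effective setting (server mode, `BridgeRelay` and `DynamicDHGroups` together) for old and new options handles both directions, and it also stops re-setting the default prime on every non-bridge reload; whether that repeated call matters is not visible here. The `/* clients don't need a dynamic DH prime. */` comment sits on a branch that non-bridge relays also take, so `/* Only bridges use a dynamic DH prime. */` would be more accurate. options_act begins and ends outside the hunk, so the scoped block below assumes nothing else in the function touches the prime.

```c
  /* If needed, generate a new TLS DH prime according to the current torrc. */
  {
    /* Compare the effective setting rather than the raw DynamicDHGroups flag,
     * so that becoming (or ceasing to be) a bridge at runtime is noticed. */
    const int use_dynamic = server_mode(options) && options->BridgeRelay &&
                            options->DynamicDHGroups;
    const int used_dynamic = old_options && server_mode(old_options) &&
                             old_options->BridgeRelay &&
                             old_options->DynamicDHGroups;

    if (!old_options || use_dynamic != used_dynamic) {
      if (use_dynamic) {
        char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
        crypto_set_tls_dh_prime(fname);
        tor_free(fname);
      } else { /* Only bridges use a dynamic DH prime. */
        crypto_set_tls_dh_prime(NULL);
      }
    }
  }
```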