[or-cvs] r11427: Check V3 authority certificates for expiry, and warn the aut (in tor/trunk: . doc src/or)
nickm at seul.org
nickm at seul.org
Tue Sep 11 20:17:22 UTC 2007
Author: nickm
Date: 2007-09-11 16:17:22 -0400 (Tue, 11 Sep 2007)
New Revision: 11427
Modified:
tor/trunk/
tor/trunk/doc/TODO
tor/trunk/src/or/main.c
tor/trunk/src/or/or.h
tor/trunk/src/or/router.c
Log:
r15046 at catbus: nickm | 2007-09-11 13:38:36 -0400
Check V3 authority certificates for expiry, and warn the authority op as they get old.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r15046] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2007-09-11 20:17:20 UTC (rev 11426)
+++ tor/trunk/doc/TODO 2007-09-11 20:17:22 UTC (rev 11427)
@@ -69,7 +69,7 @@
o Don't count votes with a different valid-after when generating
the same consensus.
- Dump certificates with the wrong time. Or just warn?
- - Warn authority ops when their certs are nearly invalid.
+ o Warn authority ops when their certs are nearly invalid.
- When checking a consensus, make sure that its times are plausible.
o Add a function that will eventually tell us about our clock skew.
For now, just require that authorities not be skewed.
Modified: tor/trunk/src/or/main.c
===================================================================
--- tor/trunk/src/or/main.c 2007-09-11 20:17:20 UTC (rev 11426)
+++ tor/trunk/src/or/main.c 2007-09-11 20:17:22 UTC (rev 11427)
@@ -807,7 +807,9 @@
static void
run_scheduled_events(time_t now)
{
- static time_t last_rotated_certificate = 0;
+ static time_t last_rotated_x509_certificate = 0;
+ static time_t time_to_check_v3_certificate = 0;
+#define CHECK_V3_CERTIFICATE_INTERVAL (5*60)
static time_t time_to_check_listeners = 0;
static time_t time_to_check_descriptor = 0;
static time_t time_to_check_ipaddress = 0;
@@ -873,16 +875,16 @@
}
/** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
- if (!last_rotated_certificate)
- last_rotated_certificate = now;
- if (last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) {
+ if (!last_rotated_x509_certificate)
+ last_rotated_x509_certificate = now;
+ if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
log_info(LD_GENERAL,"Rotating tls context.");
if (tor_tls_context_new(get_identity_key(), options->Nickname,
MAX_SSL_KEY_LIFETIME) < 0) {
log_warn(LD_BUG, "Error reinitializing TLS context");
/* XXX is it a bug here, that we just keep going? */
}
- last_rotated_certificate = now;
+ last_rotated_x509_certificate = now;
/* XXXX We should rotate TLS connections as well; this code doesn't change
* them at all. */
}
@@ -921,6 +923,12 @@
}
}
+ /* 1e. DOCDOC */
+ if (time_to_check_v3_certificate < now) {
+ v3_authority_check_key_expiry();
+ time_to_check_v3_certificate = now + CHECK_V3_CERTIFICATE_INTERVAL;
+ }
+
/** 2. Periodically, we consider getting a new directory, getting a
* new running-routers list, and/or force-uploading our descriptor
* (if we've passed our internal checks). */
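Review bot: The `/* 1e. DOCDOC */` placeholder leaves the new periodic step undocumented, unlike steps 1b and 2 around it. Something like `/** 1e. Every CHECK_V3_CERTIFICATE_INTERVAL seconds, check whether our v3 authority certificate is close to expiring, and warn the operator if so. */` would match the neighbouring comments. The interval macro is `#define`d between the static declarations in the first main.c hunk and is never `#undef`ed, so it stays visible for the rest of the file; placing it next to the other interval constants would be tidier. run_scheduled_events starts and ends outside this hunk.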
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2007-09-11 20:17:20 UTC (rev 11426)
+++ tor/trunk/src/or/or.h 2007-09-11 20:17:22 UTC (rev 11427)
@@ -3340,6 +3340,8 @@
void rotate_onion_key(void);
crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
int severity);
+void v3_authority_check_key_expiry(void);
+
int init_keys(void);
int check_whether_orport_reachable(void);
Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c 2007-09-11 20:17:20 UTC (rev 11426)
+++ tor/trunk/src/or/router.c 2007-09-11 20:17:22 UTC (rev 11427)
@@ -259,7 +259,7 @@
/** Load the v3 (voting) authority signing key and certificate from
* <b>keydir</b>, if they are present. */
-/* XXXX020 maybe move to dirserv.c */
+/* XXXX020 maybe move to dirserv.c or dirvote.c */
static void
init_v3_authority_keys(const char *keydir)
{
@@ -299,6 +299,8 @@
parsed->cache_info.signed_descriptor_len = eos-cert;
cert = NULL;
+ /* Free old values! XXXX020 */
+
authority_key_certificate = parsed;
authority_signing_key = signing_key;
parsed = NULL;
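Review bot: The added `/* Free old values! XXXX020 */` names a leak, but the two assignments below it still overwrite `authority_key_certificate` and `authority_signing_key` without releasing what they held. If this function can run more than once in a process (not visible from this hunk), the previous certificate and, more importantly, the previous private signing key would stay allocated in memory. Freeing before assigning would close that gap: `if (authority_key_certificate) authority_cert_free(authority_key_certificate);` and `if (authority_signing_key) crypto_free_pk_env(authority_signing_key);`. init_v3_authority_keys starts and ends outside the hunk.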
@@ -313,6 +315,51 @@
authority_cert_free(parsed);
}
+/* DOCDOC */
+void
+v3_authority_check_key_expiry(void)
+{
+ time_t now, expires;
+ static time_t last_warned = 0;
+ int badness, time_left, warn_interval;
+ if (!authdir_mode_v3(get_options()) || !authority_key_certificate)
+ return;
+
+ now = time(NULL);
+ expires = authority_key_certificate->expires;
+ time_left = expires - now;
+ if (time_left <= 0) {
+ badness = LOG_ERR;
+ warn_interval = 60*60;
+ } else if (time_left <= 24*60*60) {
+ badness = LOG_WARN;
+ warn_interval = 60*60;
+ } else if (time_left <= 24*60*60*7) {
+ badness = LOG_WARN;
+ warn_interval = 24*60*60;
+ } else if (time_left <= 24*60*60*30) {
+ badness = LOG_WARN;
+ warn_interval = 24*60*60*5;
+ } else {
+ return;
+ }
+
+ if (last_warned + warn_interval > now)
+ return;
+
+ if (time_left <= 0) {
+ log(badness, LD_DIR, "Your v3 authority certificate has expired."
+ " Generate a new one NOW.");
+ } else if (time_left <= 24*60*60) {
+ log(badness, LD_DIR, "Your v3 authority certificate expires in %d hours;"
+ " Generate a new one NOW.", time_left/(60*60));
+ } else {
+ log(badness, LD_DIR, "Your v3 authority certificate expires in %d days;"
+ " Generate a new one soon.", time_left/(24*60*60));
+ }
+ last_warned = now;
+}
+
/** Initialize all OR private keys, and the TLS context, as necessary.
* On OPs, this only initializes the tls context. Return 0 on success,
* or -1 if Tor should die.
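Review bot: `time_left` is declared `int` but is assigned `expires - now`, a `time_t` difference, so with a 64-bit `time_t` an `expires` value more than about 68 years from now in either direction is truncated and can land in the wrong branch. A long-expired certificate could then wrap to a positive value and produce no warning at all. Declaring `time_t time_left;` and casting only at the format arguments, e.g. `(int)(time_left/(60*60))` and `(int)(time_left/(24*60*60))`, keeps the comparisons exact. The `/* DOCDOC */` above v3_authority_check_key_expiry should become a doc comment saying that it does nothing unless we are a v3 authority with a loaded certificate, and that warnings are rate-limited through `last_warned`. The expired branch only logs; whether an expired certificate is still used for signing is not visible here and is worth confirming.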