[tor-commits] [tor/maint-0.2.2] Merge branch 'maint-0.2.1' into maint-0.2.2

arma at torproject.org arma at torproject.org
Tue Sep 13 22:31:48 UTC 2011


commit 4a351b4b9ebfadf27d68e6bb3e1470cdef83ef45
Merge: d679ef6 62ec584
Author: Roger Dingledine <arma at torproject.org>
Date:   Tue Sep 13 18:27:13 2011 -0400

    Merge branch 'maint-0.2.1' into maint-0.2.2
    
    Conflicts:
    	src/or/main.c
    	src/or/router.c

 changes/bug4014 |    3 +++
 src/or/main.c   |    7 ++++---
 src/or/or.h     |    4 +++-
 src/or/router.c |    4 ++--
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --cc src/or/main.c
index bc639db,3c879dc..289d805
--- a/src/or/main.c
+++ b/src/or/main.c
@@@ -937,18 -866,14 +937,19 @@@ run_scheduled_events(time_t now
        now + DESCRIPTOR_FAILURE_RESET_INTERVAL;
    }
  
 +  if (options->UseBridges)
 +    fetch_bridge_descriptors(options, now);
 +
-   /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
+   /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
+    * TLS context. */
    if (!last_rotated_x509_certificate)
      last_rotated_x509_certificate = now;
-   if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
+   if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
      log_info(LD_GENERAL,"Rotating tls context.");
 -    if (tor_tls_context_new(get_identity_key(),
 -                            MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 +    if (tor_tls_context_init(public_server_mode(options),
 +                             get_tlsclient_identity_key(),
 +                             is_server ? get_server_identity_key() : NULL,
-                              MAX_SSL_KEY_LIFETIME) < 0) {
++                             MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
        log_warn(LD_BUG, "Error reinitializing TLS context");
        /* XXX is it a bug here, that we just keep going? -RD */
      }
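Review bot: The rotation block now depends on two different lifetime constants, and the comment explains only one of them: the `if` compares against `MAX_SSL_KEY_LIFETIME_INTERNAL`, while the last argument to `tor_tls_context_init()` is `MAX_SSL_KEY_LIFETIME_ADVERTISED`. Both are presumably defined in src/or/or.h, which this combined diff does not show, so a reader of main.c cannot tell which value bounds how long a link key stays in use. I would extend the comment, e.g. `/* We rotate every MAX_SSL_KEY_LIFETIME_INTERNAL seconds; the TLS context is created with MAX_SSL_KEY_LIFETIME_ADVERTISED as its key lifetime. */`. The same argument is passed at both call sites in src/or/router.c. Separately, a failure here is only logged at warn level before execution continues, so the previous context presumably stays in use past the intended rotation time; whether the rotation timestamp still advances is outside the hunk.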
diff --cc src/or/router.c
index 2165e6e,2afde74..365e888
--- a/src/or/router.c
+++ b/src/or/router.c
@@@ -521,12 -456,10 +521,12 @@@ init_keys(void
        crypto_free_pk_env(prkey);
        return -1;
      }
 -    set_identity_key(prkey);
 -    /* Create a TLS context; default the client nickname to "client". */
 -    if (tor_tls_context_new(get_identity_key(),
 -                            MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 +    set_client_identity_key(prkey);
 +    /* Create a TLS context. */
 +    if (tor_tls_context_init(0,
 +                             get_tlsclient_identity_key(),
 +                             NULL,
-                              MAX_SSL_KEY_LIFETIME) < 0) {
++                             MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
        log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
        return -1;
      }
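Review bot: The bare `0` and `NULL` passed to `tor_tls_context_init()` here are hard to read next to the other two call sites, which pass `public_server_mode(options)` and a server identity key in those positions. A short comment would make the intent explicit, e.g. `/* client-only context: not a public server, no server identity key */`. This appears to be the client-only branch of init_keys(), whose body starts and ends outside the hunk, so the wording should be checked against the surrounding condition.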
@@@ -619,10 -537,8 +619,10 @@@
    tor_free(keydir);
  
    /* 3. Initialize link key and TLS context. */
 -  if (tor_tls_context_new(get_identity_key(),
 -                          MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 +  if (tor_tls_context_init(public_server_mode(options),
 +                           get_tlsclient_identity_key(),
 +                           get_server_identity_key(),
-                            MAX_SSL_KEY_LIFETIME) < 0) {
++                           MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
      log_err(LD_GENERAL,"Error initializing TLS context");
      return -1;
    }


