[tor-commits] [tor/master] Increase HS desc cert lifetime.
nickm at torproject.org
nickm at torproject.org
Wed Aug 9 00:36:38 UTC 2017
commit 827bd0e8827e10d1fe14c04b3d605b2278e3001e
Author: George Kadianakis <desnacked at riseup.net>
Date: Sun Aug 6 22:24:07 2017 +0300
Increase HS desc cert lifetime.
We used to have a small HS desc cert lifetime but those certs can stick
around for 36 hours if they get initialized in the beginning of overlap
period.
[warn] Bug: Non-fatal assertion !(hs_desc_encode_descriptor(desc->desc, &desc->signing_kp, &encoded_desc) < 0) failed in
upload_descriptor_to_hsdir at src/or/hs_service.c:1886. Stack trace: (on Tor 0.3.2.0-alpha-dev b4a14555597fb9b3)
---
src/or/hs_descriptor.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index d9c632b58..fa211d391 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -31,7 +31,7 @@
#define HS_DESC_MAX_LIFETIME (12 * 60 * 60)
/* Lifetime of certificate in the descriptor. This defines the lifetime of the
* descriptor signing key and the cross certification cert of that key. */
-#define HS_DESC_CERT_LIFETIME (24 * 60 * 60)
+#define HS_DESC_CERT_LIFETIME (36 * 60 * 60)
/* Length of the salt needed for the encrypted section of a descriptor. */
#define HS_DESC_ENCRYPTED_SALT_LEN 16
/* Length of the secret input needed for the KDF construction which derives
More information about the tor-commits
mailing list