From: Nick Mathewson
Date: Thu, 26 Nov 2015 03:33:49 +0000 (-0500)
Subject: Merge branch 'bug17686_v2_027'
X-Git-Tag: tor-0.2.8.1-alpha~209
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5754c42d124549b3fd8e8d7c11d4dde3b5acec1;p=thirdparty%2Ftor.git
Merge branch 'bug17686_v2_027'
---
e5754c42d124549b3fd8e8d7c11d4dde3b5acec1
diff --cc src/or/main.c
index c9007b9798,0f8d7ff3fa..1469fd1da1
--- a/src/or/main.c
+++ b/src/or/main.c
@@@ -1607,37 -1371,43 +1607,39 @@@ rotate_x509_certificate_callback(time_
/* 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
* TLS context. */
- if (!time_to.last_rotated_x509_certificate)
- time_to.last_rotated_x509_certificate = now;
- if (time_to.last_rotated_x509_certificate +
- MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
- log_info(LD_GENERAL,"Rotating tls context.");
- if (router_initialize_tls_context() < 0) {
- log_warn(LD_BUG, "Error reinitializing TLS context");
- /* XXX is it a bug here, that we just keep going? -RD */
- }
- time_to.last_rotated_x509_certificate = now;
- /* We also make sure to rotate the TLS connections themselves if they've
- * been up for too long -- but that's done via is_bad_for_new_circs in
- * connection_run_housekeeping() above. */
- }
-
- if (time_to.add_entropy < now) {
- if (time_to.add_entropy) {
- /* We already seeded once, so don't die on failure. */
- if (crypto_seed_rng() < 0) {
- log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
- "seeded once, though, so we won't exit here.");
- }
- }
-/** How often do we add more entropy to OpenSSL's RNG pool? */
-#define ENTROPY_INTERVAL (60*60)
- time_to.add_entropy = now + ENTROPY_INTERVAL;
+ log_info(LD_GENERAL,"Rotating tls context.");
+ if (router_initialize_tls_context() < 0) {
+ log_warn(LD_BUG, "Error reinitializing TLS context");
+ /* XXX is it a bug here, that we just keep going? -RD */
}
- /* 1c. If we have to change the accounting interval or record
- * bandwidth used in this accounting interval, do so. */
- if (accounting_is_enabled(options))
- accounting_run_housekeeping(now);
+ /* We also make sure to rotate the TLS connections themselves if they've
+ * been up for too long -- but that's done via is_bad_for_new_circs in
+ * run_connection_housekeeping() above. */
-
+ return MAX_SSL_KEY_LIFETIME_INTERNAL;
+}
+
+static int
+add_entropy_callback(time_t now, const or_options_t *options)
+{
+ (void)now;
+ (void)options;
+ /* We already seeded once, so don't die on failure. */
- crypto_seed_rng();
++ if (crypto_seed_rng() < 0) {
++ log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
++ "seeded once, though, so we won't exit here.");
++ }
+
+ /** How often do we add more entropy to OpenSSL's RNG pool? */
+#define ENTROPY_INTERVAL (60*60)
+ return ENTROPY_INTERVAL;
+}
- if (time_to.launch_reachability_tests < now &&
- (authdir_mode_tests_reachability(options)) &&
- !net_is_disabled()) {
- time_to.launch_reachability_tests = now + REACHABILITY_TEST_INTERVAL;
+static int
+launch_reachability_tests_callback(time_t now, const or_options_t *options)
+{
+ if (authdir_mode_tests_reachability(options) &&
+ !net_is_disabled()) {
/* try to determine reachability of the other Tor relays */
dirserv_test_reachability(now);
}
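Review bot: In add_entropy_callback the failure branch only logs, and the function then returns the full ENTROPY_INTERVAL, so a failed re-seed is not attempted again for an hour. If the return value is the delay in seconds until the callback's next run, as the ENTROPY_INTERVAL comment suggests, the branch could end with a shorter delay, for example `return 60;` after the log_warn, so a transient entropy-source error is retried promptly. rotate_x509_certificate_callback, whose start lies outside the hunk, has the same shape: a failed router_initialize_tls_context() is logged and MAX_SSL_KEY_LIFETIME_INTERNAL is still returned, which would leave the old TLS context in use for another whole lifetime. The comment `/* We already seeded once, so don't die on failure. */` no longer has a visible check behind it now that the `time_to.add_entropy` guard is gone, so it should say where the initial seeding happens.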