Merge branch 'maint-0.2.1' into maint-0.2.2
authorRoger Dingledine <arma@torproject.org>
Tue, 13 Sep 2011 22:27:13 +0000 (18:27 -0400)
committerRoger Dingledine <arma@torproject.org>
Tue, 13 Sep 2011 22:27:13 +0000 (18:27 -0400)
Conflicts:
src/or/main.c
src/or/router.c

src/or/main.c
src/or/or.h
src/or/router.c

diff --cc src/or/main.c
index bc639dbdd8cd2471eab4e4e9578b60ed352d5b11,3c879dcd0e362ec6ac8b2c1cd27fab680746ee51..289d805503f35811e2a8bb48958abffdee5625d1
@@@ -937,18 -866,14 +937,19 @@@ run_scheduled_events(time_t now
        now + DESCRIPTOR_FAILURE_RESET_INTERVAL;
    }
  
-   /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
 +  if (options->UseBridges)
 +    fetch_bridge_descriptors(options, now);
 +
+   /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
+    * TLS context. */
    if (!last_rotated_x509_certificate)
      last_rotated_x509_certificate = now;
-   if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
+   if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
      log_info(LD_GENERAL,"Rotating tls context.");
 -    if (tor_tls_context_new(get_identity_key(),
 -                            MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 +    if (tor_tls_context_init(public_server_mode(options),
 +                             get_tlsclient_identity_key(),
 +                             is_server ? get_server_identity_key() : NULL,
-                              MAX_SSL_KEY_LIFETIME) < 0) {
++                             MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
        log_warn(LD_BUG, "Error reinitializing TLS context");
        /* XXX is it a bug here, that we just keep going? -RD */
      }
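Review bot: The hand-resolved `++` line passes `MAX_SSL_KEY_LIFETIME_ADVERTISED` to `tor_tls_context_init()` while the rotation check just above compares against `MAX_SSL_KEY_LIFETIME_INTERNAL`, and nothing at the call site says the two are meant to differ. The 1b comment names only the internal constant; I would extend it with something like `/* The lifetime handed to tor_tls_context_init() is the advertised one, not the rotation interval; keep the two constants separate. */`. The same resolved argument appears in both `tor_tls_context_init()` calls of the src/or/router.c hunk, where a later merge could just as easily re-unify them. The definitions are in or.h, shown here only as "Simple merge", so the intended relationship between the two values should be confirmed there.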
diff --cc src/or/or.h
Simple merge
diff --cc src/or/router.c
index 2165e6ea90c211586c066578b589ecc2c54cff8a,2afde746d453c20c4260836edf791cb7865d006f..365e888af94fe5269b0620211204dcb56ac4bb05
@@@ -521,12 -456,10 +521,12 @@@ init_keys(void
        crypto_free_pk_env(prkey);
        return -1;
      }
 -    set_identity_key(prkey);
 -    /* Create a TLS context; default the client nickname to "client". */
 -    if (tor_tls_context_new(get_identity_key(),
 -                            MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 +    set_client_identity_key(prkey);
 +    /* Create a TLS context. */
 +    if (tor_tls_context_init(0,
 +                             get_tlsclient_identity_key(),
 +                             NULL,
-                              MAX_SSL_KEY_LIFETIME) < 0) {
++                             MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
        log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
        return -1;
      }
    tor_free(keydir);
  
    /* 3. Initialize link key and TLS context. */
 -  if (tor_tls_context_new(get_identity_key(),
 -                          MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
 +  if (tor_tls_context_init(public_server_mode(options),
 +                           get_tlsclient_identity_key(),
 +                           get_server_identity_key(),
-                            MAX_SSL_KEY_LIFETIME) < 0) {
++                           MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
      log_err(LD_GENERAL,"Error initializing TLS context");
      return -1;
    }
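Review bot: The client-only call in the first part of this hunk passes a bare `0` and `NULL` where the later call passes `public_server_mode(options)` and `get_server_identity_key()`, and the shortened comment `/* Create a TLS context. */` no longer says what distinguishes it. A comment such as `/* Client-only context: not a public server, no server identity key. */` would make it clear that the server identity is deliberately withheld from this context. init_keys() begins and ends outside the hunk, so whether this branch is reached only in non-server mode cannot be checked from the page.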