add CertFile, Nickname

write new certfile if you don't have one already
set up a tls context on startup

svn:r432

diff --git a/src/or/config.c b/src/or/config.c
index 694488fa1de0f17c76437be9229593f4f415d711..3ac16d9930977e9380c3cc613f97bf58e5d31697 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -192,6 +192,8 @@ static void config_assign(or_options_t *options, struct config_line *list) {
     config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) ||
     config_compare(list, "SigningPrivateKeyFile", CONFIG_TYPE_STRING, &options->SigningPrivateKeyFile) ||
     config_compare(list, "RouterFile",     CONFIG_TYPE_STRING, &options->RouterFile) ||
+    config_compare(list, "CertFile",       CONFIG_TYPE_STRING, &options->CertFile) ||
+    config_compare(list, "Nickname",       CONFIG_TYPE_STRING, &options->Nickname) ||
 
     /* int options */
     config_compare(list, "MaxConn",         CONFIG_TYPE_INT, &options->MaxConn) ||
@@ -244,6 +246,7 @@ int getconfig(int argc, char **argv, or_options_t *options) {
   options->NewCircuitPeriod = 60; /* once a minute */
   options->TotalBandwidth = 800000; /* at most 800kB/s total sustained incoming */
   options->NumCpus = 1;
+  options->CertFile = "default.cert";
 //  options->ReconnectPeriod = 6001;
 
 /* get config lines from /etc/torrc and assign them */
@@ -352,6 +355,11 @@ int getconfig(int argc, char **argv, or_options_t *options) {
     result = -1;
   }
 
+  if(options->OnionRouter && options->Nickname == NULL) {
+    log_fn(LOG_ERR,"Nickname required for OnionRouter, but not found.");
+    return -1;
+  }
+
   if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
     log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
     result = -1;

diff --git a/src/or/main.c b/src/or/main.c
index 2f8250a6747545dba17a721e1022966a17535128..0f6fa9a26a5e1b8f77cf2128490d961e9baa6bd6 100644 (file)
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -450,7 +450,28 @@ static int do_main_loop(void) {
   }
 
 #ifdef USE_TLS
-  make the tls context here 
+  if(options.OnionRouter) {
+    struct stat statbuf;
+    if(stat(options.CertFile, &statbuf) < 0) {
+      log_fn(LOG_INFO,"CertFile %s is missing. Generating.", options.CertFile);
+      if(tor_tls_write_certificate(options.CertFile,
+                                   get_privatekey(),
+                                   options.Nickname) < 0) {
+        log_fn(LOG_ERR,"Couldn't write CertFile %s. Dying.", options.CertFile);
+        return -1;
+      }
+    }
+
+    if(tor_tls_context_new(certfile, get_privatekey(), 1) < 0) {
+      log_fn(LOG_ERR,"Error creating tls context.");
+      return -1;
+    }
+  } else { /* just a proxy, the context is easy */
+    if(tor_tls_context_new(NULL, NULL, 0) < 0) {
+      log_fn(LOG_ERR,"Error creating tls context.");
+      return -1;
+    }
+  }
 #endif
 
   /* start up the necessary connections based on which ports are

diff --git a/src/or/or.h b/src/or/or.h
index 1eac472425818251cfd192b3a310b4868872c26d..5eb2bc16e8d76dbd213a3aae982b25ec2a7ae4f2 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -439,6 +439,8 @@ typedef struct {
    char *RouterFile;
    char *SigningPrivateKeyFile;
    char *PrivateKeyFile;
+   char *CertFile;
+   char *Nickname;
    double CoinWeight;
    int Daemon;
    int ORPort;