From: Roger Dingledine Date: Tue, 13 Sep 2011 22:27:13 +0000 (-0400) Subject: Merge branch 'maint-0.2.1' into maint-0.2.2 X-Git-Tag: tor-0.2.2.33~3^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4a351b4b9ebfadf27d68e6bb3e1470cdef83ef45;p=thirdparty%2Ftor.git Merge branch 'maint-0.2.1' into maint-0.2.2 Conflicts: src/or/main.c src/or/router.c --- 4a351b4b9ebfadf27d68e6bb3e1470cdef83ef45 diff --cc src/or/main.c index bc639dbdd8,3c879dcd0e..289d805503 --- a/src/or/main.c +++ b/src/or/main.c @@@ -937,18 -866,14 +937,19 @@@ run_scheduled_events(time_t now now + DESCRIPTOR_FAILURE_RESET_INTERVAL; } + if (options->UseBridges) + fetch_bridge_descriptors(options, now); + - /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */ + /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our + * TLS context. */ if (!last_rotated_x509_certificate) last_rotated_x509_certificate = now; - if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { + if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) { log_info(LD_GENERAL,"Rotating tls context."); - if (tor_tls_context_new(get_identity_key(), - MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { + if (tor_tls_context_init(public_server_mode(options), + get_tlsclient_identity_key(), + is_server ? get_server_identity_key() : NULL, - MAX_SSL_KEY_LIFETIME) < 0) { ++ MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_warn(LD_BUG, "Error reinitializing TLS context"); /* XXX is it a bug here, that we just keep going? -RD */ } diff --cc src/or/router.c index 2165e6ea90,2afde746d4..365e888af9 --- a/src/or/router.c +++ b/src/or/router.c @@@ -521,12 -456,10 +521,12 @@@ init_keys(void crypto_free_pk_env(prkey); return -1; } - set_identity_key(prkey); - /* Create a TLS context; default the client nickname to "client". */ - if (tor_tls_context_new(get_identity_key(), - MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { + set_client_identity_key(prkey); + /* Create a TLS context. 
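Review bot: The failure branch of the rotation block in run_scheduled_events only logs "Error reinitializing TLS context" at warn level and carries on, so a failed tor_tls_context_init() leaves the previous TLS context in service past MAX_SSL_KEY_LIFETIME_INTERNAL; the XXX comment already asks about this and the merge leaves it open. If last_rotated_x509_certificate is reset unconditionally after this block (the function continues outside the hunk, so this is not visible), the next attempt would be a full interval away, and resetting it only on success would retry on the next pass. Separately, the block comment names only MAX_SSL_KEY_LIFETIME_INTERNAL while the call passes MAX_SSL_KEY_LIFETIME_ADVERTISED as its lifetime argument; a line such as `/* Rotation interval is _INTERNAL; the lifetime handed to the TLS context is _ADVERTISED. */` would record that the two are deliberately different. The same ADVERTISED argument is resolved at both tor_tls_context_init() calls in the init_keys hunks of src/or/router.c.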
*/ + if (tor_tls_context_init(0, + get_tlsclient_identity_key(), + NULL, - MAX_SSL_KEY_LIFETIME) < 0) { ++ MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_err(LD_GENERAL,"Error creating TLS context for Tor client."); return -1; } @@@ -619,10 -537,8 +619,10 @@@ tor_free(keydir); /* 3. Initialize link key and TLS context. */ - if (tor_tls_context_new(get_identity_key(), - MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { + if (tor_tls_context_init(public_server_mode(options), + get_tlsclient_identity_key(), + get_server_identity_key(), - MAX_SSL_KEY_LIFETIME) < 0) { ++ MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_err(LD_GENERAL,"Error initializing TLS context"); return -1; }
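Review bot: The client-side call in init_keys passes a bare `0` and `NULL` as its first and third arguments, and the merged comment was shortened to "Create a TLS context.", so the call no longer says that this is the non-server path with no server identity key. Annotating the arguments would make that explicit: `tor_tls_context_init(0 /* not a public server */, get_tlsclient_identity_key(), NULL /* no server identity key */, MAX_SSL_KEY_LIFETIME_ADVERTISED)`. init_keys starts and ends outside the hunk.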
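Review bot: The third argument at the step-3 call is `get_server_identity_key()` unconditionally, while the matching call in src/or/main.c guards it with `is_server ? get_server_identity_key() : NULL`. The two agree only if this part of init_keys is reached solely after a server identity key has been set, which the hunk does not show (the function body continues above and below it). If that holds, a comment at the call such as `/* Only reached in server mode; the server identity key is already set. */` would document the assumption; otherwise the same guard as in main.c would keep the two call sites consistent.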