Two-pronged attack at my overzealous skew fixes.

The problem was that the fixes had us generating TLS certs with a 2-day lifetime on the assumption that we'd rotate fairly often. In fact, we never rotate our TLS keys. This patch fixes the situation in 2 ways: 1. It bumps the default lifetime back up to one year until we get rotation in place. 2. It changes tor_tls_context_new() so that it doesn't leak memory when you call it more than once. svn:r663
2025-02-24 22:58:50 +01:00 · 2003-10-23 14:20:51 +00:00 · 2003-10-23 14:20:51 +00:00 · 6b79d8a7e9
commit 6b79d8a7e9
parent 0396449097
1 changed files with 10 additions and 3 deletions
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -23,9 +23,9 @@
 #include <openssl/bio.h>

 /* How long do certificates live? (sec) */
-#define CERT_LIFETIME  (2*24*60*60)
+#define CERT_LIFETIME  (365*24*60*60)
 /* How much clock skew do we tolerate when checking certificates? (sec) */
-#define CERT_ALLOW_SKEW (3*60)
+#define CERT_ALLOW_SKEW (30*60)

 struct tor_tls_context_st {
  SSL_CTX *ctx;
@ -269,6 +269,13 @@ tor_tls_context_new(crypto_pk_env_t *rsa,
                     always_accept_verify_cb);
  /* let us realloc bufs that we're writing from */
  SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);  
+
+  /* Free the old context if one exists. */
+  if (global_tls_context) {
+    /* This is safe even if there are open connections: OpenSSL does
+     * reference counting with SSL and SSL_CTX objects. */
+    SSL_CTX_free(global_tls_context);
+  }
  global_tls_context = result;
  return 0;