[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Only bother with dynamic DH moduli if we are a bridge.
commit f477ddcc20d5fc8c130b630854947a337881cd23
Author: George Kadianakis <desnacked@xxxxxxxxx>
Date: Fri Nov 25 17:44:43 2011 +0100
Only bother with dynamic DH moduli if we are a bridge.
---
src/or/config.c | 32 ++++++++++++++++++--------------
1 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index d403dec..a846ca9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1363,22 +1363,26 @@ options_act(const or_options_t *old_options)
}
/* If needed, generate a new TLS DH prime according to the current torrc. */
- if (!old_options) {
- if (options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
+ if (server_mode(options) && options->BridgeRelay) {
+ if (!old_options) {
+ if (options->DynamicDHGroups) {
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
+ } else {
+ crypto_set_tls_dh_prime(NULL);
+ }
} else {
- crypto_set_tls_dh_prime(NULL);
- }
- } else {
- if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
- } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
- crypto_set_tls_dh_prime(NULL);
+ if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
+ } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
+ crypto_set_tls_dh_prime(NULL);
+ }
}
+ } else { /* clients don't need a dynamic DH prime. */
+ crypto_set_tls_dh_prime(NULL);
}
/* We want to reinit keys as needed before we do much of anything else:
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits