tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 827bd0e8827e10d1fe14c04b3d605b2278e3001e
parent bd3213b17e6ff94bfd1c5deb3ecf2d906dd8d0b6
Author: George Kadianakis <desnacked@riseup.net>
Date:   Sun,  6 Aug 2017 22:24:07 +0300

Increase HS desc cert lifetime.

We used to have a small HS desc cert lifetime but those certs can stick
around for 36 hours if they get initialized in the beginning of overlap
period.

[warn] Bug: Non-fatal assertion !(hs_desc_encode_descriptor(desc->desc, &desc->signing_kp, &encoded_desc) < 0) failed in
upload_descriptor_to_hsdir at src/or/hs_service.c:1886. Stack trace: (on Tor 0.3.2.0-alpha-dev b4a14555597fb9b3)

Diffstat:

Msrc/or/hs_descriptor.h | 2+-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
@@ -31,7 +31,7 @@
 #define HS_DESC_MAX_LIFETIME (12 * 60 * 60)
 /* Lifetime of certificate in the descriptor. This defines the lifetime of the
  * descriptor signing key and the cross certification cert of that key. */
-#define HS_DESC_CERT_LIFETIME (24 * 60 * 60)
+#define HS_DESC_CERT_LIFETIME (36 * 60 * 60)
 /* Length of the salt needed for the encrypted section of a descriptor. */
 #define HS_DESC_ENCRYPTED_SALT_LEN 16
 /* Length of the secret input needed for the KDF construction which derives