start part-way through the ssl cert lifetime

also, snap the start time and end time to a day boundary, since most certs in the wild seem to do this.
2013-03-10 16:28:28 -04:00 · 2013-03-10 16:28:28 -04:00 · 0196647970
parent edd6f02273
commit 0196647970
2 changed files with 23 additions and 7 deletions
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -234,7 +234,7 @@ static X509* tor_tls_create_certificate(crypto_pk_t *rsa,
                                        crypto_pk_t *rsa_sign,
                                        const char *cname,
                                        const char *cname_sign,
-                                        unsigned int lifetime);
+                                        unsigned int cert_lifetime);

 static int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                                    crypto_pk_t *identity,
@ -608,9 +608,10 @@ tor_x509_name_new(const char *cname)
 /** Generate and sign an X509 certificate with the public key <b>rsa</b>,
 * signed by the private key <b>rsa_sign</b>.  The commonName of the
 * certificate will be <b>cname</b>; the commonName of the issuer will be
- * <b>cname_sign</b>. The cert will be valid for <b>cert_lifetime</b> seconds
- * starting from now.  Return a certificate on success, NULL on
- * failure.
+ * <b>cname_sign</b>. The cert will be valid for <b>cert_lifetime</b>
+ * seconds, starting from some time in the past.
+ *
+ * Return a certificate on success, NULL on failure.
 */
 static X509 *
 tor_tls_create_certificate(crypto_pk_t *rsa,
@ -632,7 +633,12 @@ tor_tls_create_certificate(crypto_pk_t *rsa,

  tor_tls_init();

-  start_time = time(NULL);
+  /* Make sure we're part-way through the certificate lifetime, rather
+   * than having it start right now. Don't choose quite uniformly, since
+   * then we might pick a time where we're about to expire. Lastly, be
+   * sure to start on a day boundary. */
+  start_time = time(NULL) - crypto_rand_int(cert_lifetime) + 2*24*3600;
+  start_time -= start_time % (24*3600);

  tor_assert(rsa);
  tor_assert(cname);
--- a/src/or/router.c
+++ b/src/or/router.c
@ -660,8 +660,18 @@ router_initialize_tls_context(void)
      flags |= TOR_TLS_CTX_USE_ECDHE_P224;
  }
  if (!lifetime) { /* we should guess a good ssl cert lifetime */
-    /* choose between 1 and 365 days */
-    lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
+
+    /* choose between 5 and 365 days, and round to the day */
+    lifetime = 5*24*3600 + crypto_rand_int(361*24*3600);
+    lifetime -= lifetime % (24*3600);
+
+    if (crypto_rand_int(2)) {
+      /* Half the time we expire at midnight, and half the time we expire
+       * one second before midnight. (Some CAs wobble their expiry times a
+       * bit in practice, perhaps to reduce collision attacks; see ticket
+       * 8443 for details about observed certs in the wild.) */
+      lifetime--;
+    }
  }

  /* It's ok to pass lifetime in as an unsigned int, since