12 #define TOR_X509_PRIVATE
14 #include "lib/tls/x509_internal.h"
/* Excerpt of tor_tls_pick_certificate_lifetime(): picks the validity window
 * [start_time, end_time] for a certificate and reports it through the two
 * out-pointers.  The leading number on each line is the line number in the
 * original file; several lines are missing from this listing, including the
 * return type, the declaration of end_time_out and the statement that first
 * assigns start_time. */
21 tor_tls_pick_certificate_lifetime(time_t now,
22 unsigned int cert_lifetime,
23 time_t *start_time_out,
27 time_t start_time, end_time;
/* Both constants are one day, expressed in seconds. */
36 const time_t min_real_lifetime = 24*3600;
37 const time_t start_granularity = 24*3600;
38 time_t earliest_start_time;
/* NOTE(review): cert_lifetime is an unsigned int that is cast to int for this
 * comparison.  A value above INT_MAX would not survive the cast and would
 * wrongly select the short-lifetime branch.  No range check is visible in
 * this excerpt -- confirm one exists on the lines not shown. */
40 if ((
int)cert_lifetime <= min_real_lifetime + start_granularity) {
/* Lifetime of two days or less: the earliest allowed start is one second
 * before now. */
41 earliest_start_time = now - 1;
/* Presumably the else branch (the `else` line is not shown).  The expression
 * has no terminator here, so it continues on a line missing from the
 * listing. */
43 earliest_start_time = now + min_real_lifetime + start_granularity
/* Subtract the remainder so that start_time becomes a multiple of
 * start_granularity, i.e. falls on a one-day boundary. */
48 start_time -= start_time % start_granularity;
/* The window is always exactly cert_lifetime seconds long. */
50 end_time = start_time + cert_lifetime;
/* Results go back through the out-pointers; no NULL check on them is visible
 * in this excerpt. */
52 *start_time_out = start_time;
53 *end_time_out = end_time;
/* Excerpt of an accessor whose signature is not shown.  The public-key
 * digests stored in the cert object are handed out only when
 * pkey_digests_set is non-zero; what is returned otherwise is on a line
 * missing from this listing.  The result is a pointer to a field inside cert,
 * not a copy. */
61 if (cert->pkey_digests_set)
62 return &cert->pkey_digests;
/* Excerpt of a second accessor (signature not shown).  It returns the address
 * of the cert_digests field inside cert rather than a copy, so the pointer
 * must not be used once the certificate object has been freed. */
71 return &cert->cert_digests;
/* Excerpt of the routine that destroys a certificate wrapper (signature and
 * any NULL guard are not shown).  The underlying implementation certificate
 * is released first. */
80 tor_x509_cert_impl_free(cert->cert);
/* Overwrite the wrapper struct itself with the byte 0x03.  sizeof(*cert)
 * covers only the struct, not anything its pointers refer to.  Presumably the
 * memory is released on a following line that is not shown, and the wipe
 * keeps stale pointers and digests from lingering in freed memory -- confirm
 * against the full function. */
84 memwipe(cert, 0x03,
sizeof(*cert));
/* Excerpt of tor_x509_cert_new(): wraps an implementation-level certificate
 * in a tor_x509_cert_t.  The `name,(args))` form looks like the tail of a
 * macro-wrapped definition whose first line is not shown; several body lines
 * are also missing from this listing. */
96 tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert))
98 tor_x509_cert_t *cert;
/* Presumably zero-filled, going by the helper's name, so pkey_digests_set
 * starts out clear. */
103 cert = tor_malloc_zero(
sizeof(tor_x509_cert_t));
/* The wrapper stores the caller's pointer directly, without copying it. */
104 cert->cert = x509_cert;
/* Filled in by a call that is not shown in this excerpt. */
110 const uint8_t *encoded=NULL;
111 size_t encoded_len=0;
/* Failure to digest the certificate's public key is logged as a warning; the
 * control flow around it is on lines missing from this listing. */
121 log_warn(
LD_CRYPTO,
"unable to compute digests of certificate key");
/* Marks pkey_digests as usable by the accessor that tests this flag. */
126 cert->pkey_digests_set = 1;
/* Error path: log, then destroy the partly built wrapper.
 * NOTE(review): cert->cert was already set above, and the free routine
 * excerpted in this file calls tor_x509_cert_impl_free(cert->cert).  This
 * path therefore appears to release the caller's x509_cert as well, so
 * callers should not free it again after a failure -- confirm against the
 * full function.  The value returned afterwards is not shown. */
132 log_err(
LD_CRYPTO,
"Couldn't wrap encoded X509 certificate.");
133 tor_x509_cert_free(cert);
/* Excerpt of a duplicate routine (signature not shown): builds a new wrapper
 * around whatever tor_x509_cert_impl_dup_() returns for the underlying
 * certificate.
 * NOTE(review): the helper's result is passed straight to
 * tor_x509_cert_new(); whether that function tolerates a NULL argument is not
 * visible in this excerpt -- confirm. */
143 return tor_x509_cert_new(tor_x509_cert_impl_dup_(cert->cert));