miracle091/dnscrypt-proxy
miracle091/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-01-07 01:41:22 +01:00
Code Issues Releases Wiki Activity

Bring FS info level down to INFO, but store this information with the cert

Browse Source
This commit is contained in:
Frank Denis 2018-01-18 14:58:57 +01:00
parent 25664b9a99
commit 941a7b6f4f
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dnscrypt-proxy/certs.go
View File

@ -19,6 +19,7 @@ type CertInfo struct {
SharedKey [32]byte
MagicQuery [ClientMagicLen]byte
CryptoConstruction CryptoConstruction
ForwardSecurity bool
}
func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAddress string, providerName string) (CertInfo, int, error) {
@ -77,7 +78,10 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
}
ttl := tsEnd - tsBegin
if ttl > 86400*7 {
dlog.Warnf("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400)
dlog.Infof("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400)
certInfo.ForwardSecurity = false
} else {
certInfo.ForwardSecurity = true
}
if now > tsEnd || now < tsBegin {
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)