This prohibits some nonsense like "./proxy-go -capacity -550", which
otherwise results in a panic like:
    INFO: configuration.go:174: Created Configuration at &{[{[stun:stun.l.google.com:19302] }] All Balanced }
    panic: makechan: size out of range

This is a hedge against any bugs that may cause the badge to hang when
left running for a long time, and it also means that badges will
effectively check for updated code once a day.

math/rand always uses a deterministic seed. The sequence of session IDs
was therefore always the same:
    Uv38ByGCZU8WP18PmmIdcg
    lWbHTRDYaB0NhtHpHgAWeQ
    ...
Multiple copies of this program would have had session ID collisions. I
don't know what the consequences of that would be.
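
The behaviour described in the message above, as an added Go example that is not the project's code: a math/rand generator with a fixed seed (seed 1 was the implicit default before Go 1.20) emits the same ID sequence in every process, while crypto/rand does not. The 16-byte ID size, the unpadded base64 encoding, the function names and the use of crypto/rand as the remedy are assumptions; the message does not say how the IDs were changed.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

const idBytes = 16 // assumed ID size: 16 bytes encode to 22 base64 characters

// weakSessionIDs (hypothetical name) draws n IDs from math/rand with an
// explicit seed. Seed 1 reproduces the implicit default that math/rand's
// top-level functions used before Go 1.20.
func weakSessionIDs(seed int64, n int) []string {
	r := mrand.New(mrand.NewSource(seed))
	ids := make([]string, n)
	for i := range ids {
		buf := make([]byte, idBytes)
		r.Read(buf) // math/rand's Read always returns a nil error
		ids[i] = base64.RawStdEncoding.EncodeToString(buf)
	}
	return ids
}

// strongSessionID (hypothetical name) draws the ID from the OS CSPRNG,
// so separate processes do not share a sequence.
func strongSessionID() (string, error) {
	buf := make([]byte, idBytes)
	if _, err := crand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawStdEncoding.EncodeToString(buf), nil
}

func main() {
	// Two "processes" with the default seed emit identical sequences.
	fmt.Println("process A:", weakSessionIDs(1, 3))
	fmt.Println("process B:", weakSessionIDs(1, 3))
	for i := 0; i < 2; i++ {
		id, err := strongSessionID()
		if err != nil {
			panic(err)
		}
		fmt.Println("crypto/rand:", id)
	}
}
```
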

This way, we don't lose state of certificates every time the process is
restarted. There's a possibility, otherwise, that if you have to restart
the server rapidly, you might run into Let's Encrypt rate limits and be
unable to create a cert for a while.
https://godoc.org/rsc.io/letsencrypt#hdr-Persistent_Storage

This removes the --tls-cert and --tls-keys options and replaces them
with --acme-hostname and (optional) --acme-email. It uses
https://godoc.org/golang.org/x/crypto/acme/autocert, which is kind of a
successor to https://godoc.org/rsc.io/letsencrypt.
The autocert package only works when the listener runs on port 443. For
that reason, if TOR_PT_SERVER_BINDADDR asks for a port other than 443,
the program will open an *additional* listening port on 443. If there is
an error opening the listener, it is reported through an SMETHOD-ERROR
for the requested address.
The inspiration for this code came from George Tankersley's patch for
meek-server:
https://bugs.torproject.org/18655#comment:8
https://github.com/gtank/meek/tree/letsencrypt