[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] disallow picking unverified routers in circuits

To: or-cvs@freehaven.net
Subject: [or-cvs] disallow picking unverified routers in circuits
From: arma@seul.org (Roger Dingledine)
Date: Wed, 21 Jul 2004 05:35:27 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Wed, 21 Jul 2004 05:35:51 -0400
Reply-to: or-dev@freehaven.net
Sender: owner-or-cvs@freehaven.net

Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or

Modified Files:
	circuitbuild.c routerlist.c 
Log Message:
disallow picking unverified routers in circuits
(for now)


Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuitbuild.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- circuitbuild.c	21 Jul 2004 03:16:24 -0000	1.15
+++ circuitbuild.c	21 Jul 2004 09:35:24 -0000	1.16
@@ -842,6 +842,13 @@
              router->nickname, i);
       continue; /* skip routers that are known to be down */
     }
+    if(!router->is_verified) {
+      n_supported[i] = -1;
+      log_fn(LOG_DEBUG,"Skipping node %s (index %d) -- unverified router.",
+             router->nickname, i);
+      /* XXX008 maybe one day allow unverified routers as exits */
+      continue; /* skip unverified routers */
+    }
     if(router_exit_policy_rejects_all(router)) {
       n_supported[i] = -1;
       log_fn(LOG_DEBUG,"Skipping node %s (index %d) -- it rejects all.",
@@ -1012,6 +1019,10 @@
       log_fn(LOG_DEBUG,"Nope, the directory says %d is not running.",i);
       goto next_i_loop;
     }
+    if(r->is_verified == 0) {
+      log_fn(LOG_DEBUG,"Nope, the directory says %d is not verified.",i);
+      goto next_i_loop; /* XXX008 */
+    }
     if(clique_mode()) {
       conn = connection_get_by_identity_digest(r->identity_digest,
                                                CONN_TYPE_OR);

Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -d -r1.103 -r1.104
--- routerlist.c	21 Jul 2004 09:13:12 -0000	1.103
+++ routerlist.c	21 Jul 2004 09:35:24 -0000	1.104
@@ -186,7 +186,8 @@
 
   for(i=0;i<smartlist_len(routerlist->routers);i++) {
     router = smartlist_get(routerlist->routers, i);
-    if(router->is_running &&
+    /* XXX008 for now, only choose verified routers */
+    if(router->is_running && router->is_verified &&
        (!clique_mode() ||
         connection_get_by_identity_digest(router->identity_digest,
                                           CONN_TYPE_OR)))

Prev by Author: [or-cvs] authdirservers accept the uploading of unverified descripto...
Next by Author: [or-cvs] bugfix: only require the correct key if the nickname is for
Previous by thread: [or-cvs] authdirservers accept the uploading of unverified descripto...
Next by thread: [or-cvs] Log certificate lifetime on failure.
Index(es):
- Author
- Thread