[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r17209: {tor} When we get a duplicated certificate, treat it as a failure (in tor/trunk: . src/or)



Author: nickm
Date: 2008-11-07 09:01:44 -0500 (Fri, 07 Nov 2008)
New Revision: 17209

Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/routerlist.c
Log:
When we get a duplicated certificate, treat it as a failure and increment the download count. Do not claim to be downloading certificates that we merely want.

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-11-07 13:38:49 UTC (rev 17208)
+++ tor/trunk/ChangeLog	2008-11-07 14:01:44 UTC (rev 17209)
@@ -67,6 +67,10 @@
       introduction points.
     - Fix uninitialized size field for memory area allocation: may improve
       memory performance during directory parsing.
+    - Treat duplicate certificate fetches as failures, so that we do
+      not try to re-fetch an expired certificate over and over and over.
+    - Do not say we're fetching a certificate when we'll in fact skip it
+      because of a pending download.
 
 
 Changes in version 0.2.1.6-alpha - 2008-09-30

Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c	2008-11-07 13:38:49 UTC (rev 17208)
+++ tor/trunk/src/or/routerlist.c	2008-11-07 14:01:44 UTC (rev 17209)
@@ -181,6 +181,17 @@
                "already have.",
                from_store ? "cached" : "downloaded",
                ds ? ds->nickname : "??");
+
+      /* a duplicate on a download should be treated as a failure, since it
+       * probably means we wanted a different secret key or we are trying to
+       * replace an expired cert that has not in fact been updated. */
+      if (!from_store) {
+        log_warn(LD_DIR, "Got a certificate for %s that we already have. "
+                 "Maybe they haven't updated it.  Waiting for a while.",
+                 ds ? ds->nickname : "??");
+        authority_cert_dl_failed(cert->cache_info.identity_digest, 404);
+      }
+
       authority_cert_free(cert);
       continue;
     }
@@ -423,7 +434,8 @@
           continue;
         }
         if (download_status_is_ready(&cl->dl_status, now,
-                                     MAX_CERT_DL_FAILURES)) {
+                                     MAX_CERT_DL_FAILURES) &&
+            !digestmap_get(pending, voter->identity_digest)) {
           log_notice(LD_DIR, "We're missing a certificate from authority "
                      "with signing key %s: launching request.",
                      hex_str(voter->signing_key_digest, DIGEST_LEN));
@@ -449,8 +461,9 @@
             break;
           }
         });
-      if (!found && download_status_is_ready(&cl->dl_status, now,
-                                             MAX_CERT_DL_FAILURES)) {
+      if (!found &&
+          download_status_is_ready(&cl->dl_status, now,MAX_CERT_DL_FAILURES) &&
+          !digestmap_get(pending, ds->v3_identity_digest)) {
         log_notice(LD_DIR, "No current certificate known for authority %s; "
                    "launching request.", ds->nickname);
         smartlist_add(missing_digests, ds->v3_identity_digest);