[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17209: {tor} When we get a duplicated certificate, treat it as a failure (in tor/trunk: . src/or)
Author: nickm
Date: 2008-11-07 09:01:44 -0500 (Fri, 07 Nov 2008)
New Revision: 17209
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/routerlist.c
Log:
When we get a duplicated certificate, treat it as a failure and increment the download count. Do not claim to be downloading certificates that we merely want.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-11-07 13:38:49 UTC (rev 17208)
+++ tor/trunk/ChangeLog 2008-11-07 14:01:44 UTC (rev 17209)
@@ -67,6 +67,10 @@
introduction points.
- Fix uninitialized size field for memory area allocation: may improve
memory performance during directory parsing.
+ - Treat duplicate certificate fetches as failures, so that we do
+ not try to re-fetch an expired certificate over and over and over.
+ - Do not say we're fetching a certificate when we'll in fact skip it
+ because of a pending download.
Changes in version 0.2.1.6-alpha - 2008-09-30
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2008-11-07 13:38:49 UTC (rev 17208)
+++ tor/trunk/src/or/routerlist.c 2008-11-07 14:01:44 UTC (rev 17209)
@@ -181,6 +181,17 @@
"already have.",
from_store ? "cached" : "downloaded",
ds ? ds->nickname : "??");
+
+ /* a duplicate on a download should be treated as a failure, since it
+ * probably means we wanted a different secret key or we are trying to
+ * replace an expired cert that has not in fact been updated. */
+ if (!from_store) {
+ log_warn(LD_DIR, "Got a certificate for %s that we already have. "
+ "Maybe they haven't updated it. Waiting for a while.",
+ ds ? ds->nickname : "??");
+ authority_cert_dl_failed(cert->cache_info.identity_digest, 404);
+ }
+
authority_cert_free(cert);
continue;
}
@@ -423,7 +434,8 @@
continue;
}
if (download_status_is_ready(&cl->dl_status, now,
- MAX_CERT_DL_FAILURES)) {
+ MAX_CERT_DL_FAILURES) &&
+ !digestmap_get(pending, voter->identity_digest)) {
log_notice(LD_DIR, "We're missing a certificate from authority "
"with signing key %s: launching request.",
hex_str(voter->signing_key_digest, DIGEST_LEN));
@@ -449,8 +461,9 @@
break;
}
});
- if (!found && download_status_is_ready(&cl->dl_status, now,
- MAX_CERT_DL_FAILURES)) {
+ if (!found &&
+ download_status_is_ready(&cl->dl_status, now,MAX_CERT_DL_FAILURES) &&
+ !digestmap_get(pending, ds->v3_identity_digest)) {
log_notice(LD_DIR, "No current certificate known for authority %s; "
"launching request.", ds->nickname);
smartlist_add(missing_digests, ds->v3_identity_digest);