[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17246: {tor} be less aggressive about deleting expired certs. based on pa (in tor/trunk: . src/or)
Author: nickm
Date: 2008-11-11 11:01:57 -0500 (Tue, 11 Nov 2008)
New Revision: 17246
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/routerlist.c
Log:
be less aggressive about deleting expired certs. based on patch from rovv. partial fix for bug 854.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-11-11 15:59:24 UTC (rev 17245)
+++ tor/trunk/ChangeLog 2008-11-11 16:01:57 UTC (rev 17246)
@@ -2,6 +2,8 @@
o Minor bugfixes:
- Get file locking working on win32. Bugfix on 0.2.1.6-alpha. Fixes
bug 859.
+ - Made Tor a little less aggressive about deleting expired certificates.
+ Partial fix for bug 854.
o Minor features (controller):
- Return circuit purposes in response to GETINFO circuit-status. Fixes
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2008-11-11 15:59:24 UTC (rev 17245)
+++ tor/trunk/src/or/routerlist.c 2008-11-11 16:01:57 UTC (rev 17246)
@@ -278,23 +278,40 @@
static void
trusted_dirs_remove_old_certs(void)
{
-#define OLD_CERT_LIFETIME (48*60*60)
+ time_t now = time(NULL);
+#define DEAD_CERT_LIFETIME (2*24*60*60)
+#define OLD_CERT_LIFETIME (7*24*60*60)
if (!trusted_dir_certs)
return;
+ log_notice(LD_DIR, "REMOVE OLD");
+
DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
authority_cert_t *newest = NULL;
SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
if (!newest || (cert->cache_info.published_on >
newest->cache_info.published_on))
newest = cert);
- SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
- if (newest && (newest->cache_info.published_on >
- cert->cache_info.published_on + OLD_CERT_LIFETIME)) {
- SMARTLIST_DEL_CURRENT(cl->certs, cert);
- authority_cert_free(cert);
- trusted_dir_servers_certs_changed = 1;
- });
+ if (newest) {
+ const time_t newest_published = newest->cache_info.published_on;
+ SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
+ int expired;
+ time_t cert_published;
+ if (newest == cert)
+ continue;
+ expired = ftime_definitely_after(now, cert->expires);
+ cert_published = cert->cache_info.published_on;
+ /* Store expired certs for 48 hours after a newer arrives;
+ */
+ if (expired ?
+ (newest_published + DEAD_CERT_LIFETIME < now) :
+ (cert_published + OLD_CERT_LIFETIME < newest_published)) {
+ SMARTLIST_DEL_CURRENT(cl->certs, cert);
+ authority_cert_free(cert);
+ trusted_dir_servers_certs_changed = 1;
+ }
+ } SMARTLIST_FOREACH_END(cert);
+ }
} DIGESTMAP_FOREACH_END;
#undef OLD_CERT_LIFETIME