Re: [tor-bugs] #24740 [Core Tor/Tor]: Tor launches two requests for authority certificates on first bootstrap

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#24740: Tor launches two requests for authority certificates on first bootstrap
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.4.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.9.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bootstrap, tor-bandwidth, easy,  |  Actual Points:
  intro                                          |
Parent ID:                                       |         Points:  0.5
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor8-can
-------------------------------------------------+-------------------------
Changes (by teor):

 * version:   => Tor: 0.2.9.1-alpha


Comment:

 Replying to [comment:2 fristonio]:
 > Which part of the codebase is this hinted request made in, what I got
 from the code is that when the bootstrapping process starts Tor parses the
 certificates first from the cached-certs file.

 When Tor first bootstraps, this file does not exist, so there are no
 cached certificates.
 So at this step, Tor does nothing.

 > Then Tor parses microdesc-consensus from the disk and sets the current
 consensus based on them

 When Tor first bootstraps, this file does not exist, so there is no cached
 consensus.
 So at this step, Tor downloads the consensus:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n961

 Then, once it receives the consensus, it sends a request for the certs to
 the same directory mirror that it just got the consensus from, using the
 fingerprint of that directory mirror as a hint:
 https://gitweb.torproject.org/tor.git/tree/src/or/directory.c#n2614
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n1887

 > during this process it launches certificate fetch if not enough
 certificate are available to validate the consensus.

 This step always happens on first bootstrap, because there are no cached
 certificates.

 > Then it reloads the router list after this we set up periodic callbacks.
 I couldn't locate where the hinted request is made. Any help :)

 The periodic callbacks also download certificates:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n1242
 This is the source of the duplicate certificate fetch.

 We need to move this line:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n1242

 To here:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n956

 With a comment that says that either:
 * we are waiting for certificates, and we've launched a certificate
 download
 * we are waiting for a consensus, and we've launched a consensus download,
 which will launch a certificate download when it completes

 This is a bugfix on #18963 in 0.2.9.1-alpha.
 But it's only a load issue, so it's not a backport candidate.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24740#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs