diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-04-27 11:51:48 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-04-27 11:51:48 -0400 |
| commit | 7c8032c22ba6270444d84604f33509a892293fcc (patch) | |
| tree | e9a80d9973227a47db4fa99c5b1265c8906c8233 /src/or | |
| parent | 9dddfe83f3041e1504d2def5622633eb59a9756f (diff) | |
| download | tor-7c8032c22ba6270444d84604f33509a892293fcc.tar tor-7c8032c22ba6270444d84604f33509a892293fcc.tar.gz | |
Bridges should never set the send_unencrypted flag on any of their descs
Fix for bug 5139.
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/router.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/or/router.c b/src/or/router.c index 4cdfd02e5..cba827d73 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1672,12 +1672,15 @@ router_rebuild_descriptor(int force) ri->purpose = options->BridgeRelay ? ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL; - ri->cache_info.send_unencrypted = 1; - /* Let bridges serve their own descriptors unencrypted, so they can - * pass reachability testing. (If they want to be harder to notice, - * they can always leave the DirPort off). */ - if (ei && !options->BridgeRelay) - ei->cache_info.send_unencrypted = 1; + if (options->BridgeRelay) { + /* Bridges shouldn't be able to send their descriptors unencrypted, + anyway, since they don't have a DirPort, and always connect to the + bridge authority anonymously. But just in case they somehow think of + sending them on an unencrypted connection, don't allow them to try. */ + ri->cache_info.send_unencrypted = ei->cache_info.send_unencrypted = 0; + } else { + ri->cache_info.send_unencrypted = ei->cache_info.send_unencrypted = 1; + } router_get_router_hash(ri->cache_info.signed_descriptor_body, strlen(ri->cache_info.signed_descriptor_body), |