diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-03-30 15:20:06 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-03-30 15:20:06 -0400 |
| commit | 5193752ca88849878a0843cec1e81c6b4b05e550 (patch) | |
| tree | 2e2de92d708917b628795cf35232ffedb7dc1617 /src | |
| parent | 458718d4975661831fa21d9f2653932e17c1bae0 (diff) | |
| download | tor-5193752ca88849878a0843cec1e81c6b4b05e550.tar tor-5193752ca88849878a0843cec1e81c6b4b05e550.tar.gz | |
Exits don't need to fetch certs for unknown authorities
When we started RefuseUnknownExits back in 0.2.2.11-alpha, we
started making exits act like they cache directory info (since they
need an up-to-date idea of who is really a router). But this
included fetching needless (unrecognized) authorities' certs, which
doesn't make any sense for them.
This is related to, but not necessarily the same as, the issue that
Ian reported for bug #2297.
(This patch is based on a patch from a user who I believe has asked
not to be named. If I'm wrong about that, please add the
appropriate name onto the changelog.)
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/dirserv.c | 9 | ||||
| -rw-r--r-- | src/or/dirserv.h | 1 | ||||
| -rw-r--r-- | src/or/routerlist.c | 4 |
3 files changed, 12 insertions, 2 deletions
diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 11f235caf..898d9f482 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1252,6 +1252,15 @@ directory_caches_v2_dir_info(const or_options_t *options) return options->DirPort != NULL; } +/** Return true iff we want to fetch and keep certificates for authorities + * that we don't acknowledge as aurthorities ourself. + */ +int +directory_caches_unknown_auth_certs(const or_options_t *options) +{ + return options->DirPort || options->BridgeRelay; +} + /** Return 1 if we want to keep descriptors, networkstatuses, etc around * and we're willing to serve them to others. Else return 0. */ diff --git a/src/or/dirserv.h b/src/or/dirserv.h index fc48e489e..3ff08157e 100644 --- a/src/or/dirserv.h +++ b/src/or/dirserv.h @@ -76,6 +76,7 @@ int directory_fetches_dir_info_early(const or_options_t *options); int directory_fetches_dir_info_later(const or_options_t *options); int directory_caches_v2_dir_info(const or_options_t *options); #define directory_caches_v1_dir_info(o) directory_caches_v2_dir_info(o) +int directory_caches_unknown_auth_certs(const or_options_t *options); int directory_caches_dir_info(const or_options_t *options); int directory_permits_begindir_requests(const or_options_t *options); int directory_permits_controller_requests(const or_options_t *options); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 160f340dc..f549549bf 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -229,7 +229,7 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store, "signing key %s", from_store ? "cached" : "downloaded", ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN)); } else { - int adding = directory_caches_dir_info(get_options()); + int adding = directory_caches_unknown_auth_certs(get_options()); log_info(LD_DIR, "%s %s certificate for unrecognized directory " "authority with signing key %s", adding ? "Adding" : "Not adding", @@ -480,7 +480,7 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now) smartlist_t *missing_digests; char *resource = NULL; cert_list_t *cl; - const int cache = directory_caches_dir_info(get_options()); + const int cache = directory_caches_unknown_auth_certs(get_options()); if (should_delay_dir_fetches(get_options())) return; |