Fetch unknown certificates if FetchUselessDescriptors is true
parent
e5c608e535
commit
65d793fab2
@ -1069,8 +1069,10 @@ directory_fetches_dir_info_later(const or_options_t *options)
|
|||||||
return options->UseBridges != 0;
|
return options->UseBridges != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return true iff we want to fetch and keep certificates for authorities
|
/** Return true iff we want to serve certificates for authorities
|
||||||
* that we don't acknowledge as authorities ourself.
|
* that we don't acknowledge as authorities ourself.
|
||||||
|
* Use we_want_to_fetch_unknown_auth_certs to check if we want to fetch
|
||||||
|
* and keep these certificates.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
directory_caches_unknown_auth_certs(const or_options_t *options)
|
directory_caches_unknown_auth_certs(const or_options_t *options)
|
||||||
|
@ -840,6 +840,29 @@ we_want_to_fetch_flavor(const or_options_t *options, int flavor)
|
|||||||
return flavor == usable_consensus_flavor();
|
return flavor == usable_consensus_flavor();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return true iff, given the options listed in <b>options</b>, we would like
|
||||||
|
* to fetch and store unknown authority certificates.
|
||||||
|
*
|
||||||
|
* For consensus and descriptor fetches, use we_want_to_fetch_flavor, and
|
||||||
|
* for serving fetched certificates, use directory_caches_unknown_auth_certs.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
we_want_to_fetch_unknown_auth_certs(const or_options_t *options)
|
||||||
|
{
|
||||||
|
if (authdir_mode_v3(options) ||
|
||||||
|
directory_caches_unknown_auth_certs((options))) {
|
||||||
|
/* We want to serve all certs to others, regardless if we would use
|
||||||
|
* them ourselves. */
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (options->FetchUselessDescriptors) {
|
||||||
|
/* Unknown certificates are definitely useless. */
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
/* Otherwise, don't fetch unknown certificates. */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** How long will we hang onto a possibly live consensus for which we're
|
/** How long will we hang onto a possibly live consensus for which we're
|
||||||
* fetching certs before we check whether there is a better one? */
|
* fetching certs before we check whether there is a better one? */
|
||||||
#define DELAY_WHILE_FETCHING_CERTS (20*60)
|
#define DELAY_WHILE_FETCHING_CERTS (20*60)
|
||||||
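Review bot: The doc comment on we_want_to_fetch_unknown_auth_certs does not say what a caller may do with a certificate that is kept because this predicate returned true. The FetchUselessDescriptors branch extends storing to nodes that are neither authorities nor caches, so I would add a sentence such as `Certificates kept because of this are stored only; they do not make the authority trusted.`, provided that is the intended contract. Separately, `directory_caches_unknown_auth_certs((options))` has a redundant pair of parentheses and should read `directory_caches_unknown_auth_certs(options)`.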
|
@ -67,6 +67,7 @@ const routerstatus_t *router_get_consensus_status_by_nickname(
|
|||||||
const char *networkstatus_get_router_digest_by_nickname(const char *nickname);
|
const char *networkstatus_get_router_digest_by_nickname(const char *nickname);
|
||||||
int networkstatus_nickname_is_unnamed(const char *nickname);
|
int networkstatus_nickname_is_unnamed(const char *nickname);
|
||||||
int we_want_to_fetch_flavor(const or_options_t *options, int flavor);
|
int we_want_to_fetch_flavor(const or_options_t *options, int flavor);
|
||||||
|
int we_want_to_fetch_unknown_auth_certs(const or_options_t *options);
|
||||||
void networkstatus_consensus_download_failed(int status_code,
|
void networkstatus_consensus_download_failed(int status_code,
|
||||||
const char *flavname);
|
const char *flavname);
|
||||||
void update_consensus_networkstatus_fetch_time(time_t now);
|
void update_consensus_networkstatus_fetch_time(time_t now);
|
||||||
|
@ -586,7 +586,7 @@ trusted_dirs_load_certs_from_string(const char *contents, int source,
|
|||||||
"signing key %s", from_store ? "cached" : "downloaded",
|
"signing key %s", from_store ? "cached" : "downloaded",
|
||||||
ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
|
ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
|
||||||
} else {
|
} else {
|
||||||
int adding = directory_caches_unknown_auth_certs(get_options());
|
int adding = we_want_to_fetch_unknown_auth_certs(get_options());
|
||||||
log_info(LD_DIR, "%s %s certificate for unrecognized directory "
|
log_info(LD_DIR, "%s %s certificate for unrecognized directory "
|
||||||
"authority with signing key %s",
|
"authority with signing key %s",
|
||||||
adding ? "Adding" : "Not adding",
|
adding ? "Adding" : "Not adding",
|
||||||
@ -1012,7 +1012,7 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now,
|
|||||||
char *resource = NULL;
|
char *resource = NULL;
|
||||||
cert_list_t *cl;
|
cert_list_t *cl;
|
||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
const int cache = directory_caches_unknown_auth_certs(options);
|
const int keep_unknown = we_want_to_fetch_unknown_auth_certs(options);
|
||||||
fp_pair_t *fp_tmp = NULL;
|
fp_pair_t *fp_tmp = NULL;
|
||||||
char id_digest_str[2*DIGEST_LEN+1];
|
char id_digest_str[2*DIGEST_LEN+1];
|
||||||
char sk_digest_str[2*DIGEST_LEN+1];
|
char sk_digest_str[2*DIGEST_LEN+1];
|
||||||
@ -1084,9 +1084,10 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now,
|
|||||||
if (!smartlist_len(voter->sigs))
|
if (!smartlist_len(voter->sigs))
|
||||||
continue; /* This authority never signed this consensus, so don't
|
continue; /* This authority never signed this consensus, so don't
|
||||||
* go looking for a cert with key digest 0000000000. */
|
* go looking for a cert with key digest 0000000000. */
|
||||||
if (!cache &&
|
if (!keep_unknown &&
|
||||||
!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
|
!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
|
||||||
continue; /* We are not a cache, and we don't know this authority.*/
|
continue; /* We don't want unknown certs, and we don't know this
|
||||||
|
* authority.*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If we don't know *any* cert for this authority, and a download by ID
|
* If we don't know *any* cert for this authority, and a download by ID
|
||||||
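Review bot: In authority_certs_fetch_missing the skip at `if (!keep_unknown &&` is now bypassed on any node with FetchUselessDescriptors set, so the certificates requested follow the voter list of `status` rather than only the locally known authorities. The rest of the loop lies outside the hunk, so I cannot see whether the number of such requests is bounded; if it is not, a cap or a comment stating the assumption would help. In trusted_dirs_load_certs_from_string the same predicate now sets `adding`, and the visible log text shows that code handling both cached and downloaded certificates. A comment there such as `/* Kept for caching or inspection only; never used to check consensus signatures. */` would record the intent, if the surrounding code guarantees it. The new comment also ends in `authority.*/`, which wants a space before the terminator.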
|