be less aggressive about deleting expired certs. based on patch from rovv. partial fix for bug 854.

svn:r17246
2024-11-10 13:13:44 +01:00 · 2008-11-11 16:01:57 +00:00 · 2008-11-11 16:01:57 +00:00 · 8157b8b766
commit 8157b8b766
parent e08cbe2029
2 changed files with 27 additions and 8 deletions
--- a/2
+++ b/2
@ -2,6 +2,8 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
  o Minor bugfixes:
    - Get file locking working on win32.  Bugfix on 0.2.1.6-alpha.  Fixes
      bug 859.
+    - Made Tor a little less aggressive about deleting expired certificates.
+      Partial fix for bug 854.

  o Minor features (controller):
    - Return circuit purposes in response to GETINFO circuit-status.  Fixes
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -278,23 +278,40 @@ trusted_dirs_flush_certs_to_disk(void)
 static void
 trusted_dirs_remove_old_certs(void)
 {
-#define OLD_CERT_LIFETIME (48*60*60)
+  time_t now = time(NULL);
+#define DEAD_CERT_LIFETIME (2*24*60*60)
+#define OLD_CERT_LIFETIME (7*24*60*60)
  if (!trusted_dir_certs)
    return;

+  log_notice(LD_DIR, "REMOVE OLD");
+
  DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
    authority_cert_t *newest = NULL;
    SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
          if (!newest || (cert->cache_info.published_on >
                          newest->cache_info.published_on))
            newest = cert);
-    SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
-          if (newest && (newest->cache_info.published_on >
-                         cert->cache_info.published_on + OLD_CERT_LIFETIME)) {
-            SMARTLIST_DEL_CURRENT(cl->certs, cert);
-            authority_cert_free(cert);
-            trusted_dir_servers_certs_changed = 1;
-          });
+    if (newest) {
+      const time_t newest_published = newest->cache_info.published_on;
+      SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
+        int expired;
+        time_t cert_published;
+        if (newest == cert)
+          continue;
+        expired = ftime_definitely_after(now, cert->expires);
+        cert_published = cert->cache_info.published_on;
+        /* Store expired certs for 48 hours after a newer arrives;
+         */
+        if (expired ?
+            (newest_published + DEAD_CERT_LIFETIME < now) :
+            (cert_published + OLD_CERT_LIFETIME < newest_published)) {
+          SMARTLIST_DEL_CURRENT(cl->certs, cert);
+          authority_cert_free(cert);
+          trusted_dir_servers_certs_changed = 1;
+        }
+      } SMARTLIST_FOREACH_END(cert);
+    }
  } DIGESTMAP_FOREACH_END;
 #undef OLD_CERT_LIFETIME