Switch between fallback and authority when auth cert fetch fails

This commit is contained in:
teor (Tim Wilson-Brown) 2016-05-04 15:41:37 +10:00
parent 64b948f5fa
commit 92d7ee08b8
No known key found for this signature in database
GPG Key ID: 450CBA7F968F094B
2 changed files with 12 additions and 4 deletions

View File

@ -1,4 +1,6 @@
o Minor bugfix (bootstrap): o Minor bugfix (bootstrap):
- Consistently use the consensus download schedule for - Consistently use the consensus download schedule for
authority certificates. authority certificates.
- When downloading authority certificates fails, switch from
using a fallback to using an authority.
Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha. Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.

View File

@ -912,11 +912,14 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
} SMARTLIST_FOREACH_END(d); } SMARTLIST_FOREACH_END(d);
if (smartlist_len(fps) > 1) { if (smartlist_len(fps) > 1) {
static int want_auth = 0;
resource = smartlist_join_strings(fps, "", 0, NULL); resource = smartlist_join_strings(fps, "", 0, NULL);
/* XXX - do we want certs from authorities or mirrors? - teor */
directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0, directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
resource, PDS_RETRY_IF_NO_SERVERS, resource, PDS_RETRY_IF_NO_SERVERS,
DL_WANT_ANY_DIRSERVER); want_auth ? DL_WANT_AUTHORITY
: DL_WANT_ANY_DIRSERVER);
/* on failure, swap between using fallbacks and authorities */
want_auth = !want_auth;
tor_free(resource); tor_free(resource);
} }
/* else we didn't add any: they were all pending */ /* else we didn't add any: they were all pending */
@ -958,11 +961,14 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
} SMARTLIST_FOREACH_END(d); } SMARTLIST_FOREACH_END(d);
if (smartlist_len(fp_pairs) > 1) { if (smartlist_len(fp_pairs) > 1) {
static int want_auth = 0;
resource = smartlist_join_strings(fp_pairs, "", 0, NULL); resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
/* XXX - do we want certs from authorities or mirrors? - teor */
directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0, directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
resource, PDS_RETRY_IF_NO_SERVERS, resource, PDS_RETRY_IF_NO_SERVERS,
DL_WANT_ANY_DIRSERVER); want_auth ? DL_WANT_AUTHORITY
: DL_WANT_ANY_DIRSERVER);
/* on failure, swap between using fallbacks and authorities */
want_auth = !want_auth;
tor_free(resource); tor_free(resource);
} }
/* else they were all pending */ /* else they were all pending */