r14358@Kushana: nickm | 2007-09-08 13:45:16 -0400
Implement certificate fetch functions. svn:r11405
parent
1c8bd05c70
commit
eb3f24f027
8
doc/TODO
8
doc/TODO
@ -49,13 +49,17 @@ Things we'd like to do in 0.2.0.x:
|
|||||||
. Finalize proposal
|
. Finalize proposal
|
||||||
* Describe schedule in copious detail.
|
* Describe schedule in copious detail.
|
||||||
- Get authorities voting
|
- Get authorities voting
|
||||||
. Code to manage key certificates
|
o Code to manage key certificates
|
||||||
- Download as needed.
|
o Download as needed.
|
||||||
|
o Code to download
|
||||||
|
o Code to retry download.
|
||||||
. Code to generate consensus from a list of votes
|
. Code to generate consensus from a list of votes
|
||||||
* Detect whether votes are really all for the same period.
|
* Detect whether votes are really all for the same period.
|
||||||
. Push/pull documents as appropriate.
|
. Push/pull documents as appropriate.
|
||||||
- Pull votes and signatures if we don't get them.
|
- Pull votes and signatures if we don't get them.
|
||||||
- Cache votes and signatures on disk.
|
- Cache votes and signatures on disk.
|
||||||
|
- Code to keep consensus docs in limbo if they don't have
|
||||||
|
have enough signatures.
|
||||||
o Have clients know which authorities are v3 authorities, and what
|
o Have clients know which authorities are v3 authorities, and what
|
||||||
their keys are.
|
their keys are.
|
||||||
- While we're at it, let v3 authorities have fqdns lines.
|
- While we're at it, let v3 authorities have fqdns lines.
|
||||||
|
@ -1298,7 +1298,22 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||||||
/*XXXX020*/;
|
/*XXXX020*/;
|
||||||
}
|
}
|
||||||
if (conn->_base.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
|
if (conn->_base.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
|
||||||
/*XXXX020*/;
|
log_info(LD_DIR,"Received aurhority certificatess (size %d) from server "
|
||||||
|
"'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
|
||||||
|
if (status_code != 200) {
|
||||||
|
log_fn(status_code == 403 ? LOG_INFO : LOG_WARN, LD_DIR,
|
||||||
|
"Received http status code %d (%s) from server "
|
||||||
|
"'%s:%d' while fetching \"/tor/keys/%s\".",
|
||||||
|
status_code, escaped(reason), conn->_base.address,
|
||||||
|
conn->_base.port, conn->requested_resource);
|
||||||
|
tor_free(body); tor_free(headers); tor_free(reason);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (trusted_dirs_load_certs_from_string(body, 0)<0) {
|
||||||
|
log_warn(LD_DIR, "Unable to parse fetched certificates");
|
||||||
|
} else {
|
||||||
|
log_info(LD_DIR, "Successfully loaded certificates from fetch.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (conn->_base.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
|
if (conn->_base.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
|
||||||
/*XXXX020*/;
|
/*XXXX020*/;
|
||||||
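Review bot: In the new DIR_PURPOSE_FETCH_CERTIFICATE branch, a failed `trusted_dirs_load_certs_from_string(body, 0)` is only logged with `log_warn` and control falls through, so as far as this hunk shows a server that answers 200 with an unparsable body is handled the same as a successful fetch. The failure should be recorded so that the retry logic can see it, unless the code after this branch already does that; connection_dir_client_reached_eof starts and ends outside the hunk, so this cannot be confirmed here. Nothing in the branch compares the returned certificates with `conn->requested_resource`, so acceptance of the network-supplied body rests entirely on the checks inside trusted_dirs_load_certs_from_string, and a comment saying so would help the next reader. The first log string also has typos and should read `"Received authority certificates (size %d) from server "`.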
|
@ -3451,6 +3451,7 @@ authority_cert_t *authority_cert_get_newest_by_id(const char *id_digest);
|
|||||||
authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);
|
authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);
|
||||||
authority_cert_t *authority_cert_get_by_digests(const char *id_digest,
|
authority_cert_t *authority_cert_get_by_digests(const char *id_digest,
|
||||||
const char *sk_digest);
|
const char *sk_digest);
|
||||||
|
void authority_certs_fetch_missing(networkstatus_vote_t *status);
|
||||||
void routerlist_add_family(smartlist_t *sl, routerinfo_t *router);
|
void routerlist_add_family(smartlist_t *sl, routerinfo_t *router);
|
||||||
void add_nickname_list_to_smartlist(smartlist_t *sl, const char *list,
|
void add_nickname_list_to_smartlist(smartlist_t *sl, const char *list,
|
||||||
int must_be_running);
|
int must_be_running);
|
||||||
|
@ -387,6 +387,59 @@ authority_cert_get_by_digests(const char *id_digest,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** DOCDOC */
|
||||||
|
void
|
||||||
|
authority_certs_fetch_missing(networkstatus_vote_t *status)
|
||||||
|
{
|
||||||
|
smartlist_t *missing_digests = smartlist_create();
|
||||||
|
char *resource;
|
||||||
|
if (status) {
|
||||||
|
SMARTLIST_FOREACH(status->voters, networkstatus_voter_info_t *, voter,
|
||||||
|
{
|
||||||
|
trusted_dir_server_t *ds
|
||||||
|
= trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
|
||||||
|
if (ds &&
|
||||||
|
!authority_cert_get_by_digests(voter->identity_digest,
|
||||||
|
voter->signing_key_digest))
|
||||||
|
smartlist_add(missing_digests, voter->identity_digest);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ds,
|
||||||
|
{
|
||||||
|
int found = 0;
|
||||||
|
if (!(ds->type & V3_AUTHORITY))
|
||||||
|
continue;
|
||||||
|
if (smartlist_digest_isin(missing_digests, ds->v3_identity_digest))
|
||||||
|
continue;
|
||||||
|
SMARTLIST_FOREACH(ds->v3_certs, authority_cert_t *, cert,
|
||||||
|
{
|
||||||
|
if (1) { //XXXX020! cert_is_definitely_expired(cert, now)) {
|
||||||
|
found = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
smartlist_add(missing_digests, ds->v3_identity_digest);
|
||||||
|
});
|
||||||
|
|
||||||
|
{
|
||||||
|
smartlist_t *fps = smartlist_create();
|
||||||
|
SMARTLIST_FOREACH(missing_digests, const char *, d, {
|
||||||
|
char *fp = tor_malloc(HEX_DIGEST_LEN+1);
|
||||||
|
base16_encode(fp, HEX_DIGEST_LEN+1, d, DIGEST_LEN);
|
||||||
|
smartlist_add(fps, fp);
|
||||||
|
});
|
||||||
|
resource = smartlist_join_strings(fps, "+", 0, NULL);
|
||||||
|
SMARTLIST_FOREACH(fps, char *, cp, tor_free(cp));
|
||||||
|
smartlist_free(fps);
|
||||||
|
}
|
||||||
|
log_notice(LD_DIR, "Launching request for %d missing certificates.",
|
||||||
|
smartlist_len(missing_digests)); /*XXXX020 downgrade to INFO*/
|
||||||
|
smartlist_free(missing_digests);
|
||||||
|
directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
|
||||||
|
resource, 1);
|
||||||
|
tor_free(resource);
|
||||||
|
}
|
||||||
|
|
||||||
/* Router descriptor storage.
|
/* Router descriptor storage.
|
||||||
*
|
*
|
||||||
* DOCDOC files annotated NM
|
* DOCDOC files annotated NM
|
||||||
|
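Review bot: In the loop over `trusted_dir_servers`, `found` is set but never read, and `smartlist_add(missing_digests, ds->v3_identity_digest)` runs unconditionally, so every v3 authority not already in the list is reported as missing even when `ds->v3_certs` holds a certificate; the add should be guarded, `if (!found) smartlist_add(missing_digests, ds->v3_identity_digest);`. The function also calls `directory_get_from_dirserver` when `missing_digests` is empty; an early return after `smartlist_free(missing_digests)`, placed before `resource` is built, would avoid an empty request and the misleading notice-level log line. The `if (1)` placeholder means expired certificates count as present until the XXXX020 expiry check is filled in. The `/** DOCDOC */` header should be replaced by a comment stating that `status` may be NULL and that the digests stored in `missing_digests` are borrowed pointers into the voter and server structures, not copies.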