Improved skew reporting: "You are 365 days in the duture" is more useful than "You are 525600 minutes in the future". Also, when we get something that proves we are at least an hour in the past, tell the controller "CLOCK_SKEW MIN_SKEW=-3600" rather than just "CLOCK_SKEW"
svn:r12283
Implement a FallbackNetworkstatusFile (default to $prefix/share/tor/fallback-consensus) to that we know about lots of directory servers and routers when we start up the first time.
svn:r12259
edge_connection_t: want_onehop if it must attach to a circuit with
only one hop (e.g. for the current tunnelled connections that use
begin_dir), and use_begindir if we mean to use a BEGIN_DIR relay
command to establish the stream rather than the normal BEGIN. Now
we can make anonymized begin_dir connections for (e.g.) more secure
hidden service posting and fetching.
svn:r12244
Keep circuitless TLS connections open for 1.5 x MaxCircuitDirtiness: this ensures that we don't thrash closing and repoening connections to our guards.
svn:r12218
Proposal 103 is closed too: it has been implemented and merged into dir-spec. Proposal 111 is "finished": it has been implemented, but still needs to be merged into the spec.
svn:r12177
Fix logic for downloading consensuses: make getting an duplicate or not-currently-valid consensus count as a failure. Make running out of time to get certificates count as a failure. Delay while fetching certificates.
svn:r12159
<edmanm> All commands and other keywords are case-insensitive.
<edmanm> that lying control-spec.txt!
<edmanm> getinfo Address
<edmanm> 552 Unrecognized key "Address"
<edmanm> getinfo address
<edmanm> 250-address=72.230.11.78
<edmanm> 250 OK
svn:r12140
Note that consensus-method is not a means for making backward-incompatible format changes. Because any point that confuses Roger will *definitely* confuse many non-Roger readers of dir-spec.txt ;)
svn:r12112
New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine.
svn:r12086
When we decode to use consensus method 2 or later, compute Unnamed and Named more or less as described in 122. Don't actually use consensus method 2 yet, so we can be sure we didn't screw up v1..
svn:r12055
