authorNick Mathewson <nickm@torproject.org>2009-02-10 20:28:30 +0000
committerNick Mathewson <nickm@torproject.org>2009-02-10 20:28:30 +0000
commit356b40f58b9ba8fc59637f0dd02d830a4ceccde9 (patch)
tree8131cc7db5f6cbc23d514cf6f2029089618f150f
parent009752823af6d263481b21ebcb2dd8d725dc97e7 (diff)
Clients and non-caches do not need to cache unrecognized authority certificates.
svn:r18480
-rw-r--r--ChangeLog2
-rw-r--r--src/or/routerlist.c8
2 files changed, 9 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index d21965c889..cb093410dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,8 @@ Changes in version 0.2.1.13-????? - 2009-0?-??
cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
- As an exit node, scrub the IP address to which we are exiting in the
logs. Bugfix on 0.2.1.8-alpha.
+ - Clients no longer cache certificates for authorities they do not
+ recognize. Bugfix on 0.2.0.9-alpha.
o Minor features:
- On Linux, use the prctl call to re-enable core dumps when the user
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 4cc88fd7ce..ecbc323937 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -202,10 +202,16 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store,
"signing key %s", from_store ? "cached" : "downloaded",
ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
} else {
- log_info(LD_DIR, "Adding %s certificate for unrecognized directory "
+ int adding = directory_caches_dir_info(get_options());
+ log_info(LD_DIR, "%s %s certificate for unrecognized directory "
"authority with signing key %s",
+ adding ? "Adding" : "Not adding",
from_store ? "cached" : "downloaded",
hex_str(cert->signing_key_digest,DIGEST_LEN));
+ if (!adding) {
+ authority_cert_free(cert);
+ continue;
+ }
}
cl = get_cert_list(cert->cache_info.identity_digest);
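Review bot: The new `if (!adding)` branch frees the certificate and skips the rest of the loop body without any comment stating why a non-cache may discard it, so the policy is recorded only in the ChangeLog. I would add above `int adding = directory_caches_dir_info(get_options());` a comment such as `/* Only directory caches keep certs for authorities we don't recognize; everyone else has no use for them and drops them here. */`. When `from_store` is true, the dropped certificate presumably remains in the on-disk store until that file is next rewritten; whether a rewrite is triggered in this case is not visible here and is worth confirming, so that stale unrecognized certificates are not re-parsed on every start. trusted_dirs_load_certs_from_string starts and ends outside the hunk, so this is judged from the visible lines only.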