disallow picking unverified routers in circuits

(for now)


svn:r2082

2 files changed, 13 insertions, 1 deletions

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index b1240645c2..5887437931 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -842,6 +842,13 @@ static routerinfo_t *choose_good_exit_server_general(routerlist_t *dir)
              router->nickname, i);
       continue; /* skip routers that are known to be down */
     }
+    if(!router->is_verified) {
+      n_supported[i] = -1;
+      log_fn(LOG_DEBUG,"Skipping node %s (index %d) -- unverified router.",
+             router->nickname, i);
+      /* XXX008 maybe one day allow unverified routers as exits */
+      continue; /* skip unverified routers */
+    }
     if(router_exit_policy_rejects_all(router)) {
       n_supported[i] = -1;
       log_fn(LOG_DEBUG,"Skipping node %s (index %d) -- it rejects all.",
@@ -1012,6 +1019,10 @@ static int count_acceptable_routers(smartlist_t *routers) {
       log_fn(LOG_DEBUG,"Nope, the directory says %d is not running.",i);
       goto next_i_loop;
     }
+    if(r->is_verified == 0) {
+      log_fn(LOG_DEBUG,"Nope, the directory says %d is not verified.",i);
+      goto next_i_loop; /* XXX008 */
+    }
     if(clique_mode()) {
       conn = connection_get_by_identity_digest(r->identity_digest,
                                                CONN_TYPE_OR);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 0139f3874f..95b0a033cd 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -186,7 +186,8 @@ void router_add_running_routers_to_smartlist(smartlist_t *sl) {
 
   for(i=0;i<smartlist_len(routerlist->routers);i++) {
     router = smartlist_get(routerlist->routers, i);
-    if(router->is_running &&
+    /* XXX008 for now, only choose verified routers */
+    if(router->is_running && router->is_verified &&
        (!clique_mode() ||
         connection_get_by_identity_digest(router->identity_digest,
                                           CONN_TYPE_OR)))