Stop using encrypted dir connections for direct dir requests when you're

acting like a dir mirror. This should reduce load on the directory
authorities, and also will remove the ugly "We just marked ourself as
down" warnings my authorities keep getting.


svn:r14114

2 files changed, 8 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 2e377cc527..88c7a2d236 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,9 @@
 Changes in version 0.2.0.22-rc - 2008-03-18
   o Major features:
-    - Enable encrypted directory connections by default, so censor
-      tools that block Tor directory connections based on their plaintext
-      patterns will no longer work. This means Tor works in certain
-      censored countries by default again.
+    - Enable encrypted directory connections by default for non-relays,
+      so censor tools that block Tor directory connections based on their
+      plaintext patterns will no longer work. This means Tor works in
+      certain censored countries by default again.
 
   o Major bugfixes:
     - Make sure servers always request certificates from clients during
diff --git a/src/or/directory.c b/src/or/directory.c
index 8b9d4d94b3..fcd5062b47 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -625,9 +625,10 @@ directory_command_should_use_begindir(or_options_t *options, uint32_t addr,
 {
   if (!or_port)
     return 0; /* We don't know an ORPort -- no chance. */
-  if (!anonymized_connection &&
-      !fascist_firewall_allows_address_or(addr, or_port))
-    return 0; /* We're firewalled -- also no chance. */
+  if (!anonymized_connection)
+    if (!fascist_firewall_allows_address_or(addr, or_port) ||
+        directory_fetches_from_authorities(options))
+      return 0; /* We're firewalled or are acting like a relay -- also no. */
   if (!options->TunnelDirConns &&
       router_purpose != ROUTER_PURPOSE_BRIDGE)
     return 0; /* We prefer to avoid using begindir conns. Fine. */