summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2008-05-12 21:12:21 +0000
committerNick Mathewson <nickm@torproject.org>2008-05-12 21:12:21 +0000
commite1ef199cf6d63b17e5487f3e38f9b102c875ab29 (patch)
tree3ee9c436757c664df8a70bf2e8279c4cb6762be5
parent42dc560b1aee0fa2e8e1b12f1fd6ebc845930689 (diff)
downloadtor-e1ef199cf6d63b17e5487f3e38f9b102c875ab29.tar.gz
tor-e1ef199cf6d63b17e5487f3e38f9b102c875ab29.zip
r19714@catbus: nickm | 2008-05-12 17:11:47 -0400
Fwdport Bugfix: an authority signature is "unrecognized" if we lack a dirserver entry for it, even if we have an older cached certificate that says it is recognized. This affects clients who remove entries from their dirserver list without clearing their certificate cache. svn:r14597
-rw-r--r--ChangeLog2
-rw-r--r--src/or/networkstatus.c17
2 files changed, 11 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index f8fb833889..f67d4b0a7f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
- Fix assertion failure that could occur when a blocked circuit became
unblocked, and it had pending client DNS requests. Bugfix on
0.2.0.1-alpha. Fixes bug 632.
+ - List authority signatures as "unrecognized" based on DirServer lines,
+ not on cert cache. Bugfix on 0.2.0.x.
o Minor bugfixes:
- Stop giving double-close warn when we reject an address for client DNS.
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index f56ffff19e..7537fa27d3 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -392,17 +392,18 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
{
if (!voter->good_signature && !voter->bad_signature && voter->signature) {
/* we can try to check the signature. */
+ int is_v3_auth = trusteddirserver_get_by_v3_auth_digest(
+ voter->identity_digest) != NULL;
authority_cert_t *cert =
authority_cert_get_by_digests(voter->identity_digest,
voter->signing_key_digest);
- if (! cert) {
- if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest)) {
- smartlist_add(unrecognized, voter);
- ++n_unknown;
- } else {
- smartlist_add(need_certs_from, voter);
- ++n_missing_key;
- }
+ if (!is_v3_auth) {
+ smartlist_add(unrecognized, voter);
+ ++n_unknown;
+ continue;
+ } else if (!cert) {
+ smartlist_add(need_certs_from, voter);
+ ++n_missing_key;
continue;
}
if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) {