aboutsummaryrefslogtreecommitdiff
path: root/src/or/networkstatus.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2010-09-02 16:42:18 -0400
committerNick Mathewson <nickm@torproject.org>2010-09-02 16:46:03 -0400
commitbfa1962d8026e632e00760c1e14b39d154977adf (patch)
tree218e96b860a5fa4fa1baae7e1e316309e6c7502f /src/or/networkstatus.c
parent6f9f1f3324d49ffbe0a5275a268111882ba8851f (diff)
downloadtor-bfa1962d8026e632e00760c1e14b39d154977adf.tar.gz
tor-bfa1962d8026e632e00760c1e14b39d154977adf.zip
Complicate the rules on WARN vs INFO in consensus verification
It's normal when bootstrapping to have a lot of different certs missing, so we don't want missing certs to make us warn... unless the certs we're missing are ones that we've tried to fetch a couple of times and failed at. May fix bug 1145.
Diffstat (limited to 'src/or/networkstatus.c')
-rw-r--r--src/or/networkstatus.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index d7a8f70dcc..1b42918525 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -464,7 +464,7 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
int warn)
{
int n_good = 0;
- int n_missing_key = 0;
+ int n_missing_key = 0, n_dl_failed_key = 0;
int n_bad = 0;
int n_unknown = 0;
int n_no_signature = 0;
@@ -482,7 +482,7 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
voter) {
int good_here = 0;
int bad_here = 0;
- int missing_key_here = 0;
+ int missing_key_here = 0, dl_failed_key_here = 0;
SMARTLIST_FOREACH_BEGIN(voter->sigs, document_signature_t *, sig) {
if (!sig->good_signature && !sig->bad_signature &&
sig->signature) {
@@ -502,11 +502,15 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
} else if (!cert || cert->expires < now) {
smartlist_add(need_certs_from, voter);
++missing_key_here;
+ if (authority_cert_dl_looks_uncertain(sig->identity_digest))
+ ++dl_failed_key_here;
continue;
}
if (networkstatus_check_document_signature(consensus, sig, cert) < 0) {
smartlist_add(need_certs_from, voter);
++missing_key_here;
+ if (authority_cert_dl_looks_uncertain(sig->identity_digest))
+ ++dl_failed_key_here;
continue;
}
}
@@ -519,9 +523,11 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
++n_good;
else if (bad_here)
++n_bad;
- else if (missing_key_here)
+ else if (missing_key_here) {
++n_missing_key;
- else
+ if (dl_failed_key_here)
+ ++n_dl_failed_key;
+ } else
++n_no_signature;
} SMARTLIST_FOREACH_END(voter);
@@ -534,10 +540,12 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
smartlist_add(missing_authorities, ds);
});
- if (warn > 1 || (warn >= 0 && n_good < n_required))
+ if (warn > 1 || (warn >= 0 &&
+ (n_good + n_missing_key - n_dl_failed_key < n_required))) {
severity = LOG_WARN;
- else
+ } else {
severity = LOG_INFO;
+ }
if (warn >= 0) {
SMARTLIST_FOREACH(unrecognized, networkstatus_voter_info_t *, voter,