authorNick Mathewson <nickm@torproject.org>2007-07-28 00:11:34 +0000
committerNick Mathewson <nickm@torproject.org>2007-07-28 00:11:34 +0000
commitafe9f33d35842f129d8fa363f109f643aeffef2f (patch)
tree448b0a633b411f09232b2f3fcc699b449e7f3fe4 /src/or/routerlist.c
parent0d274e1db18473589658e098efdf682e304f01e7 (diff)
r13956@catbus: nickm | 2007-07-27 20:09:48 -0400
Better certificate manipulations: extract certificates from incoming votes, forget ones that are very old, and remember to store them on disk. svn:r10954
Diffstat (limited to 'src/or/routerlist.c')
-rw-r--r--src/or/routerlist.c48
1 files changed, 45 insertions, 3 deletions
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index ac74617bda..729141f1da 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -243,6 +243,9 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store)
if (!from_store)
trusted_dir_servers_certs_changed = 1;
}
+
+ trusted_dirs_flush_certs_to_disk();
+
return 0;
}
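Review bot: The added `trusted_dirs_flush_certs_to_disk()` call cannot report a failed write, because that function is declared `void` (next hunk), so `trusted_dirs_load_certs_from_string()` returns 0 whether or not the newly learned certificates reached disk. Since the commit message says these certificates now also come from incoming votes, a comment at the call would help, e.g. `/* Persist newly learned certs; no-op unless trusted_dir_servers_certs_changed is set. */`. The start of the function is outside the hunk, so whether each certificate is validated before it is kept cannot be confirmed from here.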
@@ -251,7 +254,12 @@ void
trusted_dirs_flush_certs_to_disk(void)
{
char filename[512];
- smartlist_t *chunks = smartlist_create();
+ smartlist_t *chunks;
+
+ if (!trusted_dir_servers_certs_changed)
+ return;
+
+ chunks = smartlist_create();
tor_snprintf(filename,sizeof(filename),"%s"PATH_SEPARATOR"cached-certs",
get_options()->DataDirectory);
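Review bot: The new early return makes `trusted_dir_servers_certs_changed` the only gate on persistence, so where the flag is reset now matters, and that reset is not visible in this hunk (the function body continues past it). It should be cleared only after the `cached-certs` write has succeeded; if it is cleared unconditionally, a failed write is never retried until some later certificate change sets the flag again. The function comment should also state the new behaviour, e.g. `/** Write cached-certs to disk if trusted_dir_servers_certs_changed is set; otherwise do nothing. */`.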
@@ -277,6 +285,35 @@ trusted_dirs_flush_certs_to_disk(void)
}
/** DOCDOC */
+static void
+trusted_dirs_remove_old_certs(void)
+{
+ /* Any certificate that has been superseded for more than 48 hours is
+ * irrelevant. */
+#define OLD_CERT_LIFETIME (48*60*60)
+ SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ds,
+ {
+ authority_cert_t *newest = NULL;
+ if (!ds->v3_certs)
+ continue;
+ SMARTLIST_FOREACH(ds->v3_certs, authority_cert_t *, cert,
+ if (!newest || (cert->cache_info.published_on >
+ newest->cache_info.published_on))
+ newest = cert);
+ SMARTLIST_FOREACH(ds->v3_certs, authority_cert_t *, cert,
+ if (newest && (newest->cache_info.published_on >
+ cert->cache_info.published_on + OLD_CERT_LIFETIME)) {
+ SMARTLIST_DEL_CURRENT(ds->v3_certs, cert);
+ authority_cert_free(cert);
+ trusted_dir_servers_certs_changed = 1;
+ });
+ });
+#undef OLD_CERT_LIFETIME
+
+ trusted_dirs_flush_certs_to_disk();
+}
+
+/** DOCDOC */
authority_cert_t *
authority_cert_get_by_digests(const char *id_digest,
const char *sk_digest)
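Review bot: `trusted_dirs_remove_old_certs()` walks `trusted_dir_servers` with `SMARTLIST_FOREACH` without checking that the list exists, and its new call in `routerlist_remove_old_routers()` (last hunk) sits before that function's own `!routerlist || !networkstatus_list` guard, so it runs even on the early-return path. If `trusted_dir_servers` can still be NULL at that point (its initialisation is not visible here), add `if (!trusted_dir_servers) return;` at the top of the function. Separately, the comment says a certificate is dropped once it has been superseded for more than 48 hours, but the test compares the two `published_on` values and never the current time, so an older certificate is freed as soon as one published 48 hours later arrives; either compare against the current time or reword the comment to match. Both `/** DOCDOC */` placeholders should be replaced with real descriptions; `authority_cert_get_by_digests` continues outside the hunk.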
@@ -622,9 +659,11 @@ int
router_reload_router_list(void)
{
if (router_reload_router_list_impl(0))
- return 1;
+ return -1;
if (router_reload_router_list_impl(1))
- return 1;
+ return -1;
+ if (trusted_dirs_reload_certs())
+ return -1;
return 0;
}
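Review bot: The failure return of `router_reload_router_list()` changes from 1 to -1, which is visible to callers: any caller outside this hunk that tests `== 1` or `> 0` would now treat a failed reload as success. The callers are not shown, so they need checking, and the contract belongs in the function comment, e.g. `/** ... Return 0 on success, -1 on failure. */`. A failure in `trusted_dirs_reload_certs()` now also fails the whole reload after both router lists were already loaded; if that is intended, the same comment should say so.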
@@ -2697,6 +2736,9 @@ routerlist_remove_old_routers(void)
routerinfo_t *router;
signed_descriptor_t *sd;
digestmap_t *retain;
+
+ trusted_dirs_remove_old_certs();
+
if (!routerlist || !networkstatus_list)
return;