diff options
author | Nick Mathewson <nickm@torproject.org> | 2008-11-11 16:01:57 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-11-11 16:01:57 +0000 |
commit | 8157b8b7669c16bbe362ab3da3c1fdd51657227f (patch) | |
tree | cc03bc03620aba475533fefe1fa311fec0321897 /src/or | |
parent | e08cbe2029e366bfbd7cf9a3bf9d0ec0088ab1cf (diff) | |
download | tor-8157b8b7669c16bbe362ab3da3c1fdd51657227f.tar.gz tor-8157b8b7669c16bbe362ab3da3c1fdd51657227f.zip |
be less aggressive about deleting expired certs. based on patch from rovv. partial fix for bug 854.
svn:r17246
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/routerlist.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/src/or/routerlist.c b/src/or/routerlist.c index d68785ff99..a75bfc7a17 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -278,23 +278,40 @@ trusted_dirs_flush_certs_to_disk(void) static void trusted_dirs_remove_old_certs(void) { -#define OLD_CERT_LIFETIME (48*60*60) + time_t now = time(NULL); +#define DEAD_CERT_LIFETIME (2*24*60*60) +#define OLD_CERT_LIFETIME (7*24*60*60) if (!trusted_dir_certs) return; + log_notice(LD_DIR, "REMOVE OLD"); + DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) { authority_cert_t *newest = NULL; SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert, if (!newest || (cert->cache_info.published_on > newest->cache_info.published_on)) newest = cert); - SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert, - if (newest && (newest->cache_info.published_on > - cert->cache_info.published_on + OLD_CERT_LIFETIME)) { - SMARTLIST_DEL_CURRENT(cl->certs, cert); - authority_cert_free(cert); - trusted_dir_servers_certs_changed = 1; - }); + if (newest) { + const time_t newest_published = newest->cache_info.published_on; + SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) { + int expired; + time_t cert_published; + if (newest == cert) + continue; + expired = ftime_definitely_after(now, cert->expires); + cert_published = cert->cache_info.published_on; + /* Store expired certs for 48 hours after a newer arrives; + */ + if (expired ? + (newest_published + DEAD_CERT_LIFETIME < now) : + (cert_published + OLD_CERT_LIFETIME < newest_published)) { + SMARTLIST_DEL_CURRENT(cl->certs, cert); + authority_cert_free(cert); + trusted_dir_servers_certs_changed = 1; + } + } SMARTLIST_FOREACH_END(cert); + } } DIGESTMAP_FOREACH_END; #undef OLD_CERT_LIFETIME |