diff options
author | George Kadianakis <desnacked@riseup.net> | 2017-09-12 12:45:27 +0300 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-09-13 14:54:49 -0400 |
commit | cf8a2b156769023e583b6c6374ac6de0134712f1 (patch) | |
tree | 5f8dabec5c151cd6b8edb052cc8f52f56f567cf6 /src/test | |
parent | f13ca360c9593fa9dfc94830996329dcb31c2324 (diff) | |
download | tor-cf8a2b156769023e583b6c6374ac6de0134712f1.tar.gz tor-cf8a2b156769023e583b6c6374ac6de0134712f1.zip |
prop224: Set stricter expiration time of cached client descriptors.
In #23466 we discovered that cached descriptors can stay around on the
client-side for up to 72 hours. In reality we only want those descs to
get cached for the duration of the current time period, since after that
TP is gone the client needs to compute a new blinded key to use for the HS.
In this commit we start using the consensus time (if available) when
cleaning up cached client descriptor entries. That makes sense because
the client uses consensus time anyway for connecting to hidden
services (e.g. computing blinded keys and time periods).
If no recent consensus is available, we consider descriptors to be
expired since we will want to fetch new ones when we get a live
consensus to avoid the Roger bug. If we didn't do that, when Roger
desuspends his laptop there would be a race between Tor fetching a new
consensus, and Tor connecting to the HS which would still cause
reachability issues.
We also turned a rev counter check into a BUG, since we should never
receive a descriptor with a strictly smaller rev counter than the one we
already have, except if there is a bug or if the HSDir wants to mess
with us. In any case, let's turn this into a BUG so that we can detect
and debug such cases easily.
Diffstat (limited to 'src/test')
0 files changed, 0 insertions, 0 deletions