summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog2
-rw-r--r--src/or/routerlist.c33
2 files changed, 27 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 9556c678c3..04479234a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
o Minor bugfixes:
- Get file locking working on win32. Bugfix on 0.2.1.6-alpha. Fixes
bug 859.
+ - Made Tor a little less aggressive about deleting expired certificates.
+ Partial fix for bug 854.
o Minor features (controller):
- Return circuit purposes in response to GETINFO circuit-status. Fixes
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index d68785ff99..a75bfc7a17 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -278,23 +278,40 @@ trusted_dirs_flush_certs_to_disk(void)
static void
trusted_dirs_remove_old_certs(void)
{
-#define OLD_CERT_LIFETIME (48*60*60)
+ time_t now = time(NULL);
+#define DEAD_CERT_LIFETIME (2*24*60*60)
+#define OLD_CERT_LIFETIME (7*24*60*60)
if (!trusted_dir_certs)
return;
+ log_notice(LD_DIR, "REMOVE OLD");
+
DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
authority_cert_t *newest = NULL;
SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
if (!newest || (cert->cache_info.published_on >
newest->cache_info.published_on))
newest = cert);
- SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
- if (newest && (newest->cache_info.published_on >
- cert->cache_info.published_on + OLD_CERT_LIFETIME)) {
- SMARTLIST_DEL_CURRENT(cl->certs, cert);
- authority_cert_free(cert);
- trusted_dir_servers_certs_changed = 1;
- });
+ if (newest) {
+ const time_t newest_published = newest->cache_info.published_on;
+ SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
+ int expired;
+ time_t cert_published;
+ if (newest == cert)
+ continue;
+ expired = ftime_definitely_after(now, cert->expires);
+ cert_published = cert->cache_info.published_on;
+ /* Store expired certs for 48 hours after a newer arrives;
+ */
+ if (expired ?
+ (newest_published + DEAD_CERT_LIFETIME < now) :
+ (cert_published + OLD_CERT_LIFETIME < newest_published)) {
+ SMARTLIST_DEL_CURRENT(cl->certs, cert);
+ authority_cert_free(cert);
+ trusted_dir_servers_certs_changed = 1;
+ }
+ } SMARTLIST_FOREACH_END(cert);
+ }
} DIGESTMAP_FOREACH_END;
#undef OLD_CERT_LIFETIME