From 5e2cdc166621da9e219e305f2de6e10de412cb97 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 7 Nov 2008 14:01:44 +0000 Subject: When we get a duplicated certificate, treat it as a failure and increment the download count. Do not claim to be downloading certificates that we merely want. svn:r17209 --- ChangeLog | 4 ++++ src/or/routerlist.c | 19 ++++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9be7dccba8..8273e92826 100644 --- a/ChangeLog +++ b/ChangeLog @@ -67,6 +67,10 @@ Changes in version 0.2.1.7-alpha - 2008-11-07 introduction points. - Fix uninitialized size field for memory area allocation: may improve memory performance during directory parsing. + - Treat duplicate certificate fetches as failures, so that we do + not try to re-fetch an expired certificate over and over and over. + - Do not say we're fetching a certificate when we'll in fact skip it + because of a pending download. Changes in version 0.2.1.6-alpha - 2008-09-30 diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 4ea307d91a..8e1af408ad 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -181,6 +181,17 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store, "already have.", from_store ? "cached" : "downloaded", ds ? ds->nickname : "??"); + + /* a duplicate on a download should be treated as a failure, since it + * probably means we wanted a different secret key or we are trying to + * replace an expired cert that has not in fact been updated. */ + if (!from_store) { + log_warn(LD_DIR, "Got a certificate for %s that we already have. " + "Maybe they haven't updated it. Waiting for a while.", + ds ? ds->nickname : "??"); + authority_cert_dl_failed(cert->cache_info.identity_digest, 404); + } + authority_cert_free(cert); continue; } @@ -423,7 +434,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now) continue; } if (download_status_is_ready(&cl->dl_status, now, - MAX_CERT_DL_FAILURES)) { + MAX_CERT_DL_FAILURES) && + !digestmap_get(pending, voter->identity_digest)) { log_notice(LD_DIR, "We're missing a certificate from authority " "with signing key %s: launching request.", hex_str(voter->signing_key_digest, DIGEST_LEN)); @@ -449,8 +461,9 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now) break; } }); - if (!found && download_status_is_ready(&cl->dl_status, now, - MAX_CERT_DL_FAILURES)) { + if (!found && + download_status_is_ready(&cl->dl_status, now,MAX_CERT_DL_FAILURES) && + !digestmap_get(pending, ds->v3_identity_digest)) { log_notice(LD_DIR, "No current certificate known for authority %s; " "launching request.", ds->nickname); smartlist_add(missing_digests, ds->v3_identity_digest); -- cgit v1.2.3-54-g00ecf