[tor-bugs] #18963 [Core Tor/Tor]: Download authority certificates even under blackholed authorities or fallbacks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 5 13:41:29 UTC 2016
#18963: Download authority certificates even under blackholed authorities or
fallbacks
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
Priority: Medium | needs_review
Component: Core Tor/Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: must-fix-before-028-rc, | Version: Tor:
029-proposed | 0.2.8.1-alpha
Parent ID: #18816 | Resolution:
Reviewer: | Actual Points:
| Points: small
| Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* status: needs_revision => needs_review
Comment:
Replying to [comment:6 nickm]:
> Shadowing bug:
> {{{
> + /* Look up the routerstatus for the dir_hint */
> + const routerstatus_t *rs = NULL;
> +
> + if (dir_hint) {
> + /* First try the consensus routerstatus, then the fallback
> + * routerstatus */
> + const routerstatus_t *rs =
router_get_consensus_status_by_id(dir_hint);
> }}}
>
> That inner declaration of rs shouldn't be a declaration.
NM1: We should turn on -Wshadow or something :-)
67662ec fixup! Fetch certificates from the same directory as the consensus
>
> Other than that, looks good. One thing I would like to make sure I
understand, though: what is it that makes us -not- retry the same
directory server forever here? Is it the fact that if that server at some
point refuses to give us a certificate we asked for, we will then try to
download it with dir_hint set to NULL?
Yes, the logic is as follows:
* when we successfully download a consensus, and we need certificates to
validate it, download certificates from the same directory
* as long as there are no failures when downloading certificates, and we
keep getting at least one new authority certificate, download other
certificates from the same directory
* otherwise, try a random directory
Added a comment explaining that in:
67662ec fixup! Fetch certificates from the same directory as the consensus
Don't retry the same source_dir if any certificate is bad:
a6c2bcd fixup! Fetch certificates from the same directory as previous
certificates
Only retry the same source_dir as long as it delivers at least one
authority certificate:
dafbf46 fixup! fixup! Fetch certificates from the same directory as
previous certificates
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18963#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list