[tor-bugs] #24740 [Core Tor/Tor]: Tor launches two requests for authority certificates on first bootstrap

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 3 21:48:59 UTC 2018


#24740: Tor launches two requests for authority certificates on first bootstrap
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.4.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.9.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bootstrap, tor-bandwidth, easy,  |  Actual Points:
  intro                                          |
Parent ID:                                       |         Points:  0.5
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor8-can
-------------------------------------------------+-------------------------
Changes (by teor):

 * version:   => Tor: 0.2.9.1-alpha


Comment:

 Replying to [comment:2 fristonio]:
 > Which part of the codebase is this hinted request made in? What I got
 > from the code is that when the bootstrapping process starts Tor parses the
 > certificates first from the cached-certs file.

 When Tor first bootstraps, this file does not exist, so there are no
 cached certificates.
 So at this step, Tor does nothing.

 > Then Tor parses microdesc-consensus from the disk and sets the current
 > consensus based on them

 When Tor first bootstraps, this file does not exist, so there is no cached
 consensus.
 So at this step, Tor downloads the consensus:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n961

 Then, once it receives the consensus, it sends a request for the certs to
 the same directory mirror that it just got the consensus from, using the
 fingerprint of that directory mirror as a hint:
 https://gitweb.torproject.org/tor.git/tree/src/or/directory.c#n2614
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n1887

 > during this process it launches a certificate fetch if not enough
 > certificates are available to validate the consensus.

 This step always happens on first bootstrap, because there are no cached
 certificates.

 > Then it reloads the router list; after this we set up periodic callbacks.
 > I couldn't locate where the hinted request is made. Any help :)

 The periodic callbacks also download certificates:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n1242
 This is the source of the duplicate certificate fetch.

 We need to move this line:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n1242

 To here:
 https://gitweb.torproject.org/tor.git/tree/src/or/networkstatus.c#n956

 With a comment that says that either:
 * we are waiting for certificates, and we've launched a certificate
 download
 * we are waiting for a consensus, and we've launched a consensus download,
 which will launch a certificate download when it completes

 This is a bugfix on #18963 in 0.2.9.1-alpha.
 But it's only a load issue, so it's not a backport candidate.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24740#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

