[or-cvs] r14597: Fwdport Bugfix: an authority signature is "unrecognized" if (in tor/trunk: . src/or)

nickm at seul.org nickm at seul.org
Mon May 12 21:12:22 UTC 2008


Author: nickm
Date: 2008-05-12 17:12:21 -0400 (Mon, 12 May 2008)
New Revision: 14597

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/networkstatus.c
Log:
 r19714 at catbus:  nickm | 2008-05-12 17:11:47 -0400
 Fwdport Bugfix: an authority signature is "unrecognized" if we lack a dirserver entry for it, even if we have an older cached certificate that says it is recognized.  This affects clients who remove entries from their dirserver list without clearing their certificate cache.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r19714] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-05-12 21:12:01 UTC (rev 14596)
+++ tor/trunk/ChangeLog	2008-05-12 21:12:21 UTC (rev 14597)
@@ -3,6 +3,8 @@
     - Fix assertion failure that could occur when a blocked circuit became
       unblocked, and it had pending client DNS requests.  Bugfix on
       0.2.0.1-alpha.  Fixes bug 632.
+    - List authority signatures as "unrecognized" based on DirServer lines,
+      not on cert cache.  Bugfix on 0.2.0.x.
 
   o Minor bugfixes:
     - Stop giving double-close warn when we reject an address for client DNS.
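
Review bot: the added ChangeLog entry gives its origin only as "Bugfix on 0.2.0.x", while the entry directly above it names an exact release (0.2.0.1-alpha) and a bug number. If the release that introduced the behaviour is known, name it here. The entry would also be more useful if it said who is affected, which the commit log already states: clients who remove entries from their dirserver list without clearing their certificate cache.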

Modified: tor/trunk/src/or/networkstatus.c
===================================================================
--- tor/trunk/src/or/networkstatus.c	2008-05-12 21:12:01 UTC (rev 14596)
+++ tor/trunk/src/or/networkstatus.c	2008-05-12 21:12:21 UTC (rev 14597)
@@ -392,18 +392,19 @@
   {
     if (!voter->good_signature && !voter->bad_signature && voter->signature) {
       /* we can try to check the signature. */
+      int is_v3_auth = trusteddirserver_get_by_v3_auth_digest(
+                                          voter->identity_digest) != NULL;
       authority_cert_t *cert =
         authority_cert_get_by_digests(voter->identity_digest,
                                       voter->signing_key_digest);
-      if (! cert) {
-        if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest)) {
-          smartlist_add(unrecognized, voter);
-          ++n_unknown;
-        } else {
-          smartlist_add(need_certs_from, voter);
-          ++n_missing_key;
-        }
+      if (!is_v3_auth) {
+        smartlist_add(unrecognized, voter);
+        ++n_unknown;
         continue;
+      } else if (!cert) {
+        smartlist_add(need_certs_from, voter);
+        ++n_missing_key;
+        continue;
       }
       if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) {
         smartlist_add(need_certs_from, voter);
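
Review bot: nothing at the new `if (!is_v3_auth)` branch records why a cached certificate no longer makes a voter recognized; the only comment in the block is still "we can try to check the signature." A short comment on that branch saying that recognition depends on having a dirserver entry for the identity digest, not on what is in the cert cache, would keep a later cleanup from merging the two tests back together. Two smaller points in the same lines: `authority_cert_get_by_digests()` is still called for voters that are then counted as unrecognized, so assigning `cert` after the `is_v3_auth` test would skip a lookup whose result is unused; and since the first branch ends in `continue`, the `else` before `if (!cert)` is not needed.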


