[tor-commits] [tor/maint-0.2.9] When downloading certificates, check for related failures

nickm at torproject.org nickm at torproject.org
Mon Nov 7 14:32:38 UTC 2016


commit e819d420c5b8e1d1b632c27d621de26f5f489663
Author: teor <teor2345 at gmail.com>
Date:   Tue Nov 8 00:01:20 2016 +1100

    When downloading certificates, check for related failures
    
    If a consensus expires while we are waiting for certificates to download,
    stop waiting for certificates.
    
    If we stop waiting for certificates less than a minute after we started
    downloading them, do not consider the certificate download failure a
    separate failure.
    
    Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
---
 changes/bug20533       |  7 +++++++
 src/or/networkstatus.c | 17 +++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/changes/bug20533 b/changes/bug20533
new file mode 100644
index 0000000..7d1a456
--- /dev/null
+++ b/changes/bug20533
@@ -0,0 +1,7 @@
+  o Minor bugfixes (consensus downloads):
+    - If a consensus expires while we are waiting for certificates to download,
+      stop waiting for certificates.
+    - If we stop waiting for certificates less than a minute after we started
+      downloading them, do not consider the certificate download failure a
+      separate failure.
+      Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 49baeb8..306857f 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -815,9 +815,15 @@ we_want_to_fetch_flavor(const or_options_t *options, int flavor)
  * fetching certs before we check whether there is a better one? */
 #define DELAY_WHILE_FETCHING_CERTS (20*60)
 
+/** What is the minimum time we need to have waited fetching certs, before we
+ * increment the consensus download schedule on failure? */
+#define MIN_DELAY_FOR_FETCH_CERT_STATUS_FAILURE (1*60)
+
 /* Check if a downloaded consensus flavor should still wait for certificates
- * to download now.
- * If so, return 1. If not, fail dls and return 0. */
+ * to download now. If we decide not to wait, check if enough time has passed
+ * to consider the certificate download failure a separate failure. If so,
+ * fail dls.
+ * If waiting for certificates to download, return 1. If not, return 0. */
 static int
 check_consensus_waiting_for_certs(int flavor, time_t now,
                                   download_status_t *dls)
@@ -831,11 +837,14 @@ check_consensus_waiting_for_certs(int flavor, time_t now,
   waiting = &consensus_waiting_for_certs[flavor];
   if (waiting->consensus) {
     /* XXXX make sure this doesn't delay sane downloads. */
-    if (waiting->set_at + DELAY_WHILE_FETCHING_CERTS > now) {
+    if (waiting->set_at + DELAY_WHILE_FETCHING_CERTS > now &&
+        waiting->consensus->valid_until > now) {
       return 1;
     } else {
       if (!waiting->dl_failed) {
-        download_status_failed(dls, 0);
+        if (waiting->set_at + MIN_DELAY_FOR_FETCH_CERT_STATUS_FAILURE > now) {
+          download_status_failed(dls, 0);
+        }
         waiting->dl_failed=1;
       }
     }





More information about the tor-commits mailing list