mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
r11799@Kushana: nickm | 2007-01-02 16:38:34 -0500
Simplify and remove most of dirserv_orconn_tls_cone svn:r9243
This commit is contained in:
parent
5ed4cc2355
commit
cbdd21cbf5
@ -129,6 +129,8 @@ Changes in version 0.1.2.5-xxxx - 200?-??-??
|
||||
our nameservers have failed. (Bug #326.)
|
||||
- When we only have one nameserver, raise the threshold for deciding that
|
||||
the nameserver is dead. (Also bug #326)
|
||||
- Directory authorities now only decide that routers are reachable
|
||||
if their identity keys are as expected.
|
||||
|
||||
o Controller features:
|
||||
- Have GETINFO dir/status/* work on hosts with DirPort disabled.
|
||||
|
@ -1811,9 +1811,7 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
|
||||
/** Called when a TLS handshake has completed successfully with a
|
||||
* router listening at <b>address</b>:<b>or_port</b>, and has yielded
|
||||
* a certificate with digest <b>digest_rcvd</b> and nickname
|
||||
* <b>nickname_rcvd</b>. When this happens, it's clear that any other
|
||||
* descriptors for that address/port combination must be unusable:
|
||||
* delete them if they are not valid.
|
||||
* <b>nickname_rcvd</b>.
|
||||
*
|
||||
* Also, if as_advertised is 1, then inform the reachability checker
|
||||
* that we could get to this guy.
|
||||
@ -1825,49 +1823,25 @@ dirserv_orconn_tls_done(const char *address,
|
||||
const char *nickname_rcvd,
|
||||
int as_advertised)
|
||||
{
|
||||
int i;
|
||||
routerlist_t *rl = router_get_routerlist();
|
||||
tor_assert(address);
|
||||
tor_assert(digest_rcvd);
|
||||
tor_assert(nickname_rcvd);
|
||||
(void) as_advertised; // XXXX012 This should really be implemented. -NM
|
||||
|
||||
// XXXXNM We should really have a better solution here than dropping
|
||||
// XXXXNM whole routers; otherwise, they come back way too easily.
|
||||
for (i = 0; i < smartlist_len(rl->routers); ++i) {
|
||||
routerinfo_t *ri = smartlist_get(rl->routers, i);
|
||||
int drop = 0;
|
||||
if (strcasecmp(address, ri->address) || or_port != ri->or_port)
|
||||
continue;
|
||||
/* XXX012 For 0.1.2.x, we should do something smarter here than !is_valid.
|
||||
*/
|
||||
if (!ri->is_valid) {
|
||||
/* We have a router at the same address! */
|
||||
if (strcasecmp(ri->nickname, nickname_rcvd)) {
|
||||
log_notice(LD_DIRSERV,
|
||||
"Dropping old invalid descriptor: nickname '%s' does "
|
||||
"not match nickname '%s' in new cert from %s:%d",
|
||||
ri->nickname, nickname_rcvd, address, or_port);
|
||||
drop = 1;
|
||||
} else if (memcmp(ri->cache_info.identity_digest, digest_rcvd,
|
||||
DIGEST_LEN)) {
|
||||
log_notice(LD_DIRSERV,
|
||||
"Dropping old invalid descriptor for nickname '%s': "
|
||||
"identity key does not match key in new cert from %s:%d",
|
||||
ri->nickname, address, or_port);
|
||||
drop = 1;
|
||||
}
|
||||
}
|
||||
if (drop) {
|
||||
routerlist_remove(rl, ri, i--, 0);
|
||||
directory_set_dirty();
|
||||
} else { /* correct nickname and digest. mark this router reachable! */
|
||||
SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
|
||||
if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
|
||||
!memcmp(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN) &&
|
||||
as_advertised) {
|
||||
/* correct nickname and digest. mark this router reachable! */
|
||||
log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.",
|
||||
ri->nickname);
|
||||
ri->last_reachable = time(NULL);
|
||||
ri->num_unreachable_notifications = 0;
|
||||
}
|
||||
}
|
||||
});
|
||||
/* FFFF Maybe we should reinstate the code that dumps routers with the same
|
||||
* addr/port but with nonmatching keys, but instead of dumping, we should
|
||||
* skip testing. */
|
||||
}
|
||||
|
||||
/** Auth dir server only: if <b>try_all</b> is 1, launch connections to
|
||||
|
Loading…
Reference in New Issue
Block a user