[tor-bugs] #2297 [Tor Client]: fetching certs for legacy keys?
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Mar 30 19:29:25 UTC 2012
#2297: fetching certs for legacy keys?
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by nickm):
* status: needs_revision => needs_review
Comment:
Examining again, this fix seems less than wholly related to the issue.
The behavior of the fix is to *narrow* the circumstances under which we
download and/or store certificates for authorities which we don't
recognize. Currently, we do this if we serve directory information, or if
we are an exit.

It's correct that if we're just an exit node, not a directory or a bridge,
we don't need to fetch or store these certificates. So in that respect
the patch is correct.

But it's not necessarily a patch for the original issue, I think. Ian's
issue was that his server was fetching these certs on _every_ startup, and
he wondered, "Why are we continually missing them?" And I don't see how
this patch actually addresses that, unless there's some code someplace
else that discards these certs as unwanted after getting them.

Nonetheless I've ported this patch to master, and written what I think is
an accurate changes message; it makes stuff better, whether it solves the
issue Ian was seeing or not. I'm not keen to merge it back to 0.2.2.x
unless somebody sees some reason why the current behavior is actually
causing trouble.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2297#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online