[tor-bugs] #5595 [Tor]: Some relays tried to refetch maatuska's new certificate repeatedly

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 9 16:38:00 UTC 2013 

#5595: Some relays tried to refetch maatuska's new certificate repeatedly
------------------------------------+---------------------------------------
 Reporter:  rransom                 |          Owner:  andrea            
     Type:  defect                  |         Status:  needs_revision    
 Priority:  critical                |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor                     |        Version:                    
 Keywords:  tor-relay 023-backport  |         Parent:                    
   Points:                          |   Actualpoints:                    
------------------------------------+---------------------------------------

Comment(by andrea):

 Replying to [comment:18 nickm]:
 > Looks good! Here's what I saw while reading it.
 >
 > I'd like to request basic unit tests on the fp_pair_t map code.
 >
 > fp_pair_map_{set,get}_by_digests could save some duplicated code by
 being a wrapper on fp_pair_map_{set,get}.

 Okay, I'll do those.

 > Should we still be calling "authority_cert_dl_failed" from
 trusted_dirs_load_certs_from_string?   Even if so, I 'm not sure the
 comment in front of that point starting with "a duplicate on a download"
 any more.

 I don't think we should remove the check; there are probably still
 possible edge cases where a duplicate cert might get downloaded.  The
 comment could stand rewording in light of fixing this bug, though.

 > Should the log_warn in authority_cert_dl_failed be LD_BUG?

 Changed.

 > Does authority_cert_dl_looks_uncertain need a variant that looks at
 id/sk failures? Or should it look at the number of id/sk failures itself?

 No it doesn't; it's only called from
 networkstatus_check_consensus_signature() which is concerned with the
 trusted auth cert downloads.

 > When constructing the fp_pair string, I would be much more comfortable
 with something tor_asprintf()-based.   I don't believe there are any bugs
 in what you have now, but I want to get us out of the habit of doing
 string construction like this.

 Okay, changed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5595#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list