[tor-commits] [tor/maint-0.2.4] Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4

nickm at torproject.org nickm at torproject.org
Mon Apr 14 22:00:44 UTC 2014


commit 149931571a4c5ad9ec24eb6d4306e8965a454211
Merge: 47f7085 75b4975
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Apr 14 18:00:38 2014 -0400

    Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
    
    Conflicts:
    	src/or/routerlist.h

 changes/bug11464_023   |    5 +++++
 src/or/networkstatus.c |   11 +++++++++++
 src/or/routerlist.c    |   33 +++++++++++++++++++++++++++++++++
 src/or/routerlist.h    |    1 +
 src/or/routerparse.c   |    8 ++++++++
 5 files changed, 58 insertions(+)

diff --cc src/or/routerlist.c
index cb39729,a7968be..b49dc1a
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@@ -600,39 -455,42 +600,72 @@@ authority_cert_dl_failed(const char *id
        !(cl = digestmap_get(trusted_dir_certs, id_digest)))
      return;
  
 -  download_status_failed(&cl->dl_status, status);
 +  /*
 +   * Are we noting a failed download of the latest cert for the id digest,
 +   * or of a download by (id, signing key) digest pair?
 +   */
 +  if (!signing_key_digest) {
 +    /* Just by id digest */
 +    download_status_failed(&cl->dl_status_by_id, status);
 +  } else {
 +    /* Reset by (id, signing key) digest pair
 +     *
 +     * Look for a download_status_t in the map with this digest
 +     */
 +    dlstatus = dsmap_get(cl->dl_status_map, signing_key_digest);
 +    /* Got one? */
 +    if (dlstatus) {
 +      download_status_failed(dlstatus, status);
 +    } else {
 +      /*
 +       * Do this rather than hex_str(), since hex_str clobbers
 +       * old results and we call twice in the param list.
 +       */
 +      base16_encode(id_digest_str, sizeof(id_digest_str),
 +                    id_digest, DIGEST_LEN);
 +      base16_encode(sk_digest_str, sizeof(sk_digest_str),
 +                    signing_key_digest, DIGEST_LEN);
 +      log_warn(LD_BUG,
 +               "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
 +               "status %d, but knew nothing about the download.",
 +               id_digest_str, sk_digest_str, status);
 +    }
 +  }
  }
  
+ static const char *BAD_SIGNING_KEYS[] = {
+   "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
+ // dizum still needs to rotate as of 2014-04-14
+ //"0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
+ // dannenberg still needs to rotate as of 2014-04-14
+ //"57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
+   "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
+   "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
+   "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
+   "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
+   "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
+   "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
+   "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
+   NULL,
+ };
+ 
+ /** DOCDOC */
+ int
+ authority_cert_is_blacklisted(const authority_cert_t *cert)
+ {
+   char hex_digest[HEX_DIGEST_LEN+1];
+   int i;
+   base16_encode(hex_digest, sizeof(hex_digest),
+                 cert->signing_key_digest, sizeof(cert->signing_key_digest));
+ 
+   for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
+     if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
+       return 1;
+     }
+   }
+   return 0;
+ }
+ 
  /** Return true iff when we've been getting enough failures when trying to
   * download the certificate with ID digest <b>id_digest</b> that we're willing
   * to start bugging the user about it. */
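Review bot: `authority_cert_is_blacklisted()` still carries the placeholder `/** DOCDOC */`, and `BAD_SIGNING_KEYS` has no header comment, so the file does not record why these signing-key digests are rejected. I would replace the placeholder with `/** Return true iff the signing key digest of <b>cert</b> is listed in BAD_SIGNING_KEYS. */`. Above the array I would add a short comment giving the reason for the list (the diffstat names changes/bug11464_023), noting that it holds hex-encoded signing key digests terminated by NULL, and stating whether an entry may be removed once its "Expires" date has passed. The two commented-out digests (dizum, dannenberg) are still accepted by this check, so a TODO marker with a ticket reference on those lines would help ensure they are enabled once those authorities rotate. The callers that enforce the check are in networkstatus.c and routerparse.c, which this page does not show.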
diff --cc src/or/routerlist.h
index ce0f0f2,bd55b7b..5056858
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@@ -39,8 -25,8 +39,9 @@@ void authority_cert_dl_failed(const cha
  void authority_certs_fetch_missing(networkstatus_t *status, time_t now);
  int router_reload_router_list(void);
  int authority_cert_dl_looks_uncertain(const char *id_digest);
 +const smartlist_t *router_get_trusted_dir_servers(void);
 +const smartlist_t *router_get_fallback_dir_servers(void);
+ int authority_cert_is_blacklisted(const authority_cert_t *cert);
 -smartlist_t *router_get_trusted_dir_servers(void);
  
  const routerstatus_t *router_pick_directory_server(dirinfo_type_t type,
                                                     int flags);


