[tor-commits] [tor/release-0.2.8] Switch between fallback and authority when auth cert fetch fails

nickm at torproject.org nickm at torproject.org
Thu May 12 19:35:50 UTC 2016 

commit 92d7ee08b8c51b4b29f68c6d00ca4aa91ea5a66b
Author: teor (Tim Wilson-Brown) <teor2345 at gmail.com>
Date:   Wed May 4 15:41:37 2016 +1000

    Switch between fallback and authority when auth cert fetch fails
---
 changes/bug18816    |  2 ++
 src/or/routerlist.c | 14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/changes/bug18816 b/changes/bug18816
index 7265f5a..0545512 100644
--- a/changes/bug18816
+++ b/changes/bug18816
@@ -1,4 +1,6 @@
   o Minor bugfix (bootstrap):
     - Consistently use the consensus download schedule for
       authority certificates.
+    - When downloading authority certificates fails, switch from
+      using a fallback to using an authority.
       Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 85e9e7d..3169343 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -912,11 +912,14 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
     } SMARTLIST_FOREACH_END(d);
 
     if (smartlist_len(fps) > 1) {
+      static int want_auth = 0;
       resource = smartlist_join_strings(fps, "", 0, NULL);
-      /* XXX - do we want certs from authorities or mirrors? - teor */
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
                                    resource, PDS_RETRY_IF_NO_SERVERS,
-                                   DL_WANT_ANY_DIRSERVER);
+                                   want_auth ? DL_WANT_AUTHORITY
+                                             : DL_WANT_ANY_DIRSERVER);
+      /* on failure, swap between using fallbacks and authorities */
+      want_auth = !want_auth;
       tor_free(resource);
     }
     /* else we didn't add any: they were all pending */
@@ -958,11 +961,14 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
     } SMARTLIST_FOREACH_END(d);
 
     if (smartlist_len(fp_pairs) > 1) {
+      static int want_auth = 0;
       resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
-      /* XXX - do we want certs from authorities or mirrors? - teor */
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
                                    resource, PDS_RETRY_IF_NO_SERVERS,
-                                   DL_WANT_ANY_DIRSERVER);
+                                   want_auth ? DL_WANT_AUTHORITY
+                                             : DL_WANT_ANY_DIRSERVER);
+      /* on failure, swap between using fallbacks and authorities */
+      want_auth = !want_auth;
       tor_free(resource);
     }
     /* else they were all pending */

More information about the tor-commits mailing list