Commit f0e523c6 authored by Nick Mathewson's avatar Nick Mathewson 🤹

r18272@catbus: nickm | 2008-02-20 18:20:33 -0500

 add a flag to suppress overwriting the certificates file with new certificates, so we do not overwrite all certs when starting as an authority.


svn:r13630
parent ba977ed4
+2 −0
@@ -56,6 +56,8 @@ Changes in version 0.2.0.20-?? - 2008-02-??
    - We were comparing the raw BridgePassword entry with a base64'ed
      version of it, when handling a "/tor/networkstatus-bridges"
      directory request. Now compare correctly. Noticed by Veracode.
    - When starting as an authority, do not overwrite all certificates
      cached from author authorities.  Bugfix on 0.2.0.x.  Fixes bug 606.

  o Code simplifications and refactoring:
    - Remove the tor_strpartition function: its logic was confused,
+2 −2
@@ -13,7 +13,7 @@ const char buffers_c_id[] =
 * fairly opaque string holders that can read to or flush from:
 * memory, file descriptors, or TLS connections.
 **/

#define BUFFERS_PRIVATE
#include "or.h"

//#define PARANOIA
@@ -1075,7 +1075,7 @@ buf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n)

/** Return the first position in <b>buf</b> at which the <b>n</b>-character
 * string <b>s</b> occurs, or -1 if it does not occur. */
static int
/*private*/ int
buf_find_string_offset(const buf_t *buf, const char *s, size_t n)
{
  buf_pos_t pos;
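Review bot: Dropping `static` from buf_find_string_offset and defining `BUFFERS_PRIVATE` is not mentioned in the commit description, and the `/*private*/ int` marker does not say why the function now has external linkage. If the intent is to let unit tests reach it through the `#ifdef BUFFERS_PRIVATE` prototype added in the header section (an inference; no test is visible on this page), say so in the doc comment, for example `* Not static only so that tests can call it; do not use outside buffers.c.` The function body continues past the end of the hunk.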
+1 −1
@@ -1533,7 +1533,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
    }
    log_info(LD_DIR,"Received authority certificates (size %d) from server "
             "'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
    if (trusted_dirs_load_certs_from_string(body, 0)<0) {
    if (trusted_dirs_load_certs_from_string(body, 0, 1)<0) {
      log_warn(LD_DIR, "Unable to parse fetched certificates");
      connection_dir_download_cert_failed(conn, status_code);
    } else {
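Review bot: The call `trusted_dirs_load_certs_from_string(body, 0, 1)` passes two bare integer flags, so a reader cannot tell which is from_store and which is flush, and transposing them would compile without a diagnostic. This path handles certificates just received from a directory server, and the new flag presumably decides whether they are written over the cached certificate file, so the intent should be explicit at the call. Annotate it the way the dirvote_add_vote call does: `if (trusted_dirs_load_certs_from_string(body, 0 /*from_store*/, 1 /*flush*/)<0) {`. The enclosing function starts and ends outside the hunk.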
+1 −1
@@ -1543,7 +1543,7 @@ dirvote_add_vote(const char *vote_body, const char **msg_out, int *status_out)
    /* Hey, it's a new cert! */
    trusted_dirs_load_certs_from_string(
                               vote->cert->cache_info.signed_descriptor_body,
                               0 /* from_store */);
                               0 /* from_store */, 1 /*flush*/);
    if (!authority_cert_get_by_digests(vote->cert->cache_info.identity_digest,
                                       vote->cert->signing_key_digest)) {
      log_warn(LD_BUG, "We added a cert, but still couldn't find it.");
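Review bot: The return value of `trusted_dirs_load_certs_from_string(...)` is discarded in dirvote_add_vote, so a certificate carried in a vote that fails to load is only noticed by the later `authority_cert_get_by_digests` lookup and is then reported under `LD_BUG`. With the new flush argument set to 1 the call may also rewrite the certificate file, though the function's body is not visible on this page. Consider testing the result, `if (trusted_dirs_load_certs_from_string(..., 0 /* from_store */, 1 /*flush*/) < 0)`, and logging a load failure separately from the internal-bug case. The `if` block continues outside the hunk.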
+6 −1
@@ -2471,6 +2471,10 @@ int peek_buf_has_control0_command(buf_t *buf);

void assert_buf_ok(buf_t *buf);

#ifdef BUFFERS_PRIVATE
int buf_find_string_offset(const buf_t *buf, const char *s, size_t n);
#endif

/********************************* circuitbuild.c **********************/

char *circuit_list_path(origin_circuit_t *circ, int verbose);
@@ -3846,7 +3850,8 @@ typedef struct trusted_dir_server_t {

int get_n_authorities(authority_type_t type);
int trusted_dirs_reload_certs(void);
int trusted_dirs_load_certs_from_string(const char *contents, int from_store);
int trusted_dirs_load_certs_from_string(const char *contents, int from_store,
                                        int flush);
void trusted_dirs_flush_certs_to_disk(void);
authority_cert_t *authority_cert_get_newest_by_id(const char *id_digest);
authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);
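Review bot: The new prototype for trusted_dirs_load_certs_from_string has two adjacent `int` flags, `from_store` and `flush`, with no comment saying what either means, and every call site visible on this page passes `0, 1`. The definition and the caller that passes flush as 0 (presumably the authority start-up path the description refers to) are not shown here, so the contract cannot be checked from the header alone. Add a comment above the declaration along the lines of `/* If flush is false, do not rewrite the cached certificates file after loading. */`, adjusted to match the implementation.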