Download authority certificates even under blackholed authorities or fallbacks
Our fix for #18816 (moved) is still not great if a significant number of fallbacks are blocked or blackholed. There are a few options to deal with this:
- do what we do with the consensus, and try multiple, simultaneous connections to both authorities and fallback directories, use the first one that succeeds, and close the rest,
- if the connection to a fallback fails, try an authority (this still doesn't help with blackholed fallbacks),
- or any of the other options arma mentions in #18816 (moved):
Longer term (0.2.9 and later), I think we should explore a) having directory_get_from_dirserver() notice that there are tls conns established to dir mirrors that we just recently used (and prefer them), or b) trying to explicitly remember the dir mirror that gave us the consensus and re-use it, and/or c) designing a piggy-back mechanism so we can ask for "the certs that go with this consensus" when we're fetching a consensus and we know we will want the certs for it too (thus saving a round-trip).