obsolete tor clients hammering original v1 dir authorities
Several obsolete v3 certs expired recently, and it turns out there are still some Tor clients running that don't have this fix from 0.2.0.10-alpha:
- Avoid sending a request for "keys/fp" (for which we'll get a 400 Bad Request) if we need more v3 certs but we've already got pending requests for all of them.
In particular, here are the three: fingerprint E2A2AF570166665D738736D0DD58169CC61D8A8B dir-key-published 2010-04-16 18:07:53 dir-key-expires 2011-04-16 18:07:53
fingerprint A9AC67E64B200BBF2FA26DF194AC0469E2A948C6 dir-key-published 2009-04-12 17:31:36 dir-key-expires 2011-04-12 17:31:36
fingerprint 5420FD8EA46BD4290F1D07A1883C9D85ECC486C4 dir-key-published 2010-04-16 18:00:26 dir-key-expires 2011-04-16 18:00:26
moria1 has 23000 directory connections open right now, and it's seeing a dozen requests a second for one or more of the above certs.