r19713@catbus: nickm | 2008-05-12 17:10:37 -0400
Bugfix: an authority signature is "unrecognized" if we lack a dirserver entry for it, even if we have an older cached certificate that says it is recognized. This affects clients who remove entries from their dirserver list without clearing their certificate cache. svn:r14596
This commit is contained in:
parent
040754b3a0
commit
0fa5a9de05
|
@ -1,4 +1,8 @@
|
|||
Changes in version 0.2.0.26-rc - 2008-05-??
|
||||
o Major bugfixes:
|
||||
- List authority signatures as "unrecognized" based on DirServer lines,
|
||||
not on cert cache.
|
||||
|
||||
o Minor features:
|
||||
- Add a new V3AuthUseLegacyKey option to make it easier for authorities
|
||||
to change their identity keys if they have to.
|
||||
|
|
|
@ -392,17 +392,18 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
|
|||
{
|
||||
if (!voter->good_signature && !voter->bad_signature && voter->signature) {
|
||||
/* we can try to check the signature. */
|
||||
int is_v3_auth = trusteddirserver_get_by_v3_auth_digest(
|
||||
voter->identity_digest) != NULL;
|
||||
authority_cert_t *cert =
|
||||
authority_cert_get_by_digests(voter->identity_digest,
|
||||
voter->signing_key_digest);
|
||||
if (! cert) {
|
||||
if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest)) {
|
||||
smartlist_add(unrecognized, voter);
|
||||
++n_unknown;
|
||||
} else {
|
||||
smartlist_add(need_certs_from, voter);
|
||||
++n_missing_key;
|
||||
}
|
||||
if (!is_v3_auth) {
|
||||
smartlist_add(unrecognized, voter);
|
||||
++n_unknown;
|
||||
continue;
|
||||
} else if (!cert) {
|
||||
smartlist_add(need_certs_from, voter);
|
||||
++n_missing_key;
|
||||
continue;
|
||||
}
|
||||
if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) {
|
||||
|
|
Loading…
Reference in New Issue