Clients and non-caches do not need to cache unrecognized authority certificates.
svn:r18480
This commit is contained in:
parent
009752823a
commit
356b40f58b
|
@ -14,6 +14,8 @@ Changes in version 0.2.1.13-????? - 2009-0?-??
|
|||
cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
|
||||
- As an exit node, scrub the IP address to which we are exiting in the
|
||||
logs. Bugfix on 0.2.1.8-alpha.
|
||||
- Clients no longer cache certificates for authorities they do not
|
||||
recognize. Bugfix on 0.2.0.9-alpha.
|
||||
|
||||
o Minor features:
|
||||
- On Linux, use the prctl call to re-enable core dumps when the user
|
||||
|
|
|
@ -202,10 +202,16 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store,
|
|||
"signing key %s", from_store ? "cached" : "downloaded",
|
||||
ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
|
||||
} else {
|
||||
log_info(LD_DIR, "Adding %s certificate for unrecognized directory "
|
||||
int adding = directory_caches_dir_info(get_options());
|
||||
log_info(LD_DIR, "%s %s certificate for unrecognized directory "
|
||||
"authority with signing key %s",
|
||||
adding ? "Adding" : "Not adding",
|
||||
from_store ? "cached" : "downloaded",
|
||||
hex_str(cert->signing_key_digest,DIGEST_LEN));
|
||||
if (!adding) {
|
||||
authority_cert_free(cert);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
cl = get_cert_list(cert->cache_info.identity_digest);
|
||||
|
|
Loading…
Reference in New Issue