Clients and non-caches do not need to cache unrecognized authority certificates.

svn:r18480
2009-02-10 20:28:30 +00:00 · 2009-02-10 20:28:30 +00:00 · 356b40f58b
parent 009752823a
commit 356b40f58b
2 changed files with 9 additions and 1 deletions
--- a/2
+++ b/2
@ -14,6 +14,8 @@ Changes in version 0.2.1.13-????? - 2009-0?-??
      cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
    - As an exit node, scrub the IP address to which we are exiting in the
      logs. Bugfix on 0.2.1.8-alpha.
+    - Clients no longer cache certificates for authorities they do not
+      recognize.  Bugfix on 0.2.0.9-alpha.

  o Minor features:
    - On Linux, use the prctl call to re-enable core dumps when the user
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -202,10 +202,16 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store,
               "signing key %s", from_store ? "cached" : "downloaded",
               ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
    } else {
-      log_info(LD_DIR, "Adding %s certificate for unrecognized directory "
+      int adding = directory_caches_dir_info(get_options());
+      log_info(LD_DIR, "%s %s certificate for unrecognized directory "
               "authority with signing key %s",
+               adding ? "Adding" : "Not adding",
               from_store ? "cached" : "downloaded",
               hex_str(cert->signing_key_digest,DIGEST_LEN));
+      if (!adding) {
+        authority_cert_free(cert);
+        continue;
+      }
    }

    cl = get_cert_list(cert->cache_info.identity_digest);