When we get a duplicated certificate, treat it as a failure and increment the download count. Do not claim to be downloading certificates that we merely want.

svn:r17209
2008-11-07 14:01:44 +00:00 · 2008-11-07 14:01:44 +00:00 · 5e2cdc1666
parent a15bdd3edd
commit 5e2cdc1666
2 changed files with 20 additions and 3 deletions
--- a/4
+++ b/4
@ -67,6 +67,10 @@ Changes in version 0.2.1.7-alpha - 2008-11-07
      introduction points.
    - Fix uninitialized size field for memory area allocation: may improve
      memory performance during directory parsing.
+    - Treat duplicate certificate fetches as failures, so that we do
+      not try to re-fetch an expired certificate over and over and over.
+    - Do not say we're fetching a certificate when we'll in fact skip it
+      because of a pending download.


 Changes in version 0.2.1.6-alpha - 2008-09-30
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -181,6 +181,17 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store,
               "already have.",
               from_store ? "cached" : "downloaded",
               ds ? ds->nickname : "??");
+
+      /* a duplicate on a download should be treated as a failure, since it
+       * probably means we wanted a different secret key or we are trying to
+       * replace an expired cert that has not in fact been updated. */
+      if (!from_store) {
+        log_warn(LD_DIR, "Got a certificate for %s that we already have. "
+                 "Maybe they haven't updated it.  Waiting for a while.",
+                 ds ? ds->nickname : "??");
+        authority_cert_dl_failed(cert->cache_info.identity_digest, 404);
+      }
+
      authority_cert_free(cert);
      continue;
    }
@ -423,7 +434,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
          continue;
        }
        if (download_status_is_ready(&cl->dl_status, now,
-                                     MAX_CERT_DL_FAILURES)) {
+                                     MAX_CERT_DL_FAILURES) &&
+            !digestmap_get(pending, voter->identity_digest)) {
          log_notice(LD_DIR, "We're missing a certificate from authority "
                     "with signing key %s: launching request.",
                     hex_str(voter->signing_key_digest, DIGEST_LEN));
@ -449,8 +461,9 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
            break;
          }
        });
-      if (!found && download_status_is_ready(&cl->dl_status, now,
-                                             MAX_CERT_DL_FAILURES)) {
+      if (!found &&
+          download_status_is_ready(&cl->dl_status, now,MAX_CERT_DL_FAILURES) &&
+          !digestmap_get(pending, ds->v3_identity_digest)) {
        log_notice(LD_DIR, "No current certificate known for authority %s; "
                   "launching request.", ds->nickname);
        smartlist_add(missing_digests, ds->v3_identity_digest);