Stop using encrypted dir connections for direct dir requests when you're

acting like a dir mirror. This should reduce load on the directory
authorities, and also will remove the ugly "We just marked ourself as
down" warnings my authorities keep getting.


svn:r14114

ChangeLog

@@ -1,9 +1,9 @@
 Changes in version 0.2.0.22-rc - 2008-03-18
   o Major features:
-    - Enable encrypted directory connections by default, so censor
-      tools that block Tor directory connections based on their plaintext
-      patterns will no longer work. This means Tor works in certain
-      censored countries by default again.
+    - Enable encrypted directory connections by default for non-relays,
+      so censor tools that block Tor directory connections based on their
+      plaintext patterns will no longer work. This means Tor works in
+      certain censored countries by default again.
 
   o Major bugfixes:
     - Make sure servers always request certificates from clients during

src/or/directory.c

@@ -625,9 +625,10 @@ directory_command_should_use_begindir(or_options_t *options, uint32_t addr,
 {
   if (!or_port)
     return 0; /* We don't know an ORPort -- no chance. */
-  if (!anonymized_connection &&
-      !fascist_firewall_allows_address_or(addr, or_port))
-    return 0; /* We're firewalled -- also no chance. */
+  if (!anonymized_connection)
+    if (!fascist_firewall_allows_address_or(addr, or_port) ||
+        directory_fetches_from_authorities(options))
+      return 0; /* We're firewalled or are acting like a relay -- also no. */
   if (!options->TunnelDirConns &&
       router_purpose != ROUTER_PURPOSE_BRIDGE)
     return 0; /* We prefer to avoid using begindir conns. Fine. */