r16320@catbus: nickm | 2007-11-01 00:11:20 -0400
authorNick Mathewson <nickm@torproject.org>
Thu, 1 Nov 2007 04:14:23 +0000 (04:14 +0000)
committerNick Mathewson <nickm@torproject.org>
Thu, 1 Nov 2007 04:14:23 +0000 (04:14 +0000)
 Learn new addresses for authorities from their certificates.

svn:r12305

ChangeLog
doc/TODO
src/or/config.c
src/or/or.h
src/or/routerlist.c

index ff25280c50b68d6e0fc64766293ea238b795e3df..eb30e3688c727e136b65c1a780c0a911f017fe61 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,8 @@ Changes in version 0.2.0.10-alpha - 2007-1?-??
     - When we receive a consensus from the future, warn about skew.
     - Improve skew reporting: try to give the user a better log message about
       how skewed they are, and how much this matters.
+    - When we have a certificate for an authority, believe that certificate's
+      claims about the authority's IP address.
 
   o Minor features (controller):
     - When reporting clock skew, and we only have a lower bound on the amount
index 0187869d31a2f9c7fa05c47d64a77ed6bec87885..045a0484f0b505a7dfa83cbdd15efcdcfbc6625e 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -68,8 +68,8 @@ Things we'd like to do in 0.2.0.x:
         in the future, then log about skew.
       o should change the "skew complaint" to specify in largest units
         rather than just seconds.
-    - Learn new authority IPs from consensus/certs.
-    - karsten's patches
+    o Learn new authority IPs from consensus/certs.
+    o karsten's patches
 
   - Before the feature freeze: (Roger)
     - Make tunnelled dir conns use begin_dir if enabled
index b891cda425c4b35cac940c19bb26720dca2f4020..71c6fef9f3b03c8905c9d3175291a1d3652cbe78 100644 (file)
@@ -202,6 +202,7 @@ static config_var_t _option_vars[] = {
   V(HttpsProxyAuthenticator,     STRING,   NULL),
   OBSOLETE("IgnoreVersion"),
   V(KeepalivePeriod,             INTERVAL, "5 minutes"),
+  V(LearnAuthorityAddrFromCerts, BOOL,     "1"),
   VAR("Log",                     LINELIST, Logs,             NULL),
   OBSOLETE("LinkPadding"),
   OBSOLETE("LogLevel"),
index ac832d8fb0f496f635b56fee00f6ce72f0f59ac0..afc190639e8a10852c640fe88ca88a8513ca5f9e 100644 (file)
@@ -2228,6 +2228,10 @@ typedef struct {
 
   /** DOCDOC here and in tor.1 */
   char *FallbackNetworkstatusFile;
+
+  /** DOCDOC here and in tor.1 */
+  int LearnAuthorityAddrFromCerts;
+
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
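Review bot: The new field `LearnAuthorityAddrFromCerts` is committed with only the placeholder `/** DOCDOC here and in tor.1 */`, although it decides whether a configured authority address can be replaced at runtime. Going by the routerlist.c hunk in this commit, a comment such as `/** Boolean: if true, replace a trusted directory authority's address and DirPort with the ones in its authority certificate when that certificate was published after the address information we currently hold. */` would describe what the code does. The same text should go into tor.1, since the option defaults to "1" in config.c and operators who pin authority addresses need to know they can be overridden.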
@@ -3649,6 +3653,8 @@ typedef struct trusted_dir_server_t {
                                * latest certificate. */
   download_status_t v2_ns_dl_status; /**< Status of downloading this server's
                                * v2 network status. */
+  time_t addr_current_at; /**< When was the document that we derived the
+                           * address information from published? */
 
   routerstatus_t fake_status; /**< Used when we need to pass this trusted
                                * dir_server_t to directory_initiate_command_*
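Review bot: The comment on `addr_current_at` does not say what the field holds before any certificate has been processed. The routerlist.c hunk tests `cert->cache_info.published_on > ds->addr_current_at`, so if the struct is zero-initialised when the server is added (not visible in this commit), the configured address counts as older than every certificate and the first certificate loaded will always override it. I would state that in the comment, for example by appending `0 if the address came from configuration rather than from a certificate.`, so the override behaviour is deliberate and documented.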
index 52125b8dcce2e118b3b25226076ecd53ce416f49..0b4500248f01911a3d0649e3721c5c91b48b2165 100644 (file)
@@ -108,6 +108,7 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store)
 {
   trusted_dir_server_t *ds;
   const char *s, *eos;
+  or_options_t *options = get_options();
 
   for (s = contents; *s; s = eos) {
     authority_cert_t *cert = authority_cert_parse_from_string(s, &eos);
@@ -141,6 +142,22 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store)
       continue;
 
     smartlist_add(ds->v3_certs, cert);
+    if (options->LearnAuthorityAddrFromCerts &&
+        cert->cache_info.published_on > ds->addr_current_at) {
+      if (cert->addr && cert->dir_port &&
+          (ds->addr != cert->addr ||
+           ds->dir_port != cert->dir_port)) {
+        char *a = tor_dup_addr(cert->addr);
+        log_notice(LD_DIR, "Updating address for directory authority %s "
+                   "from %s:%d to %s:%d based on in certificate.",
+                   ds->nickname, ds->address, (int)ds->dir_port,
+                   a, cert->dir_port);
+        tor_free(a);
+        ds->addr = cert->addr;
+        ds->dir_port = cert->dir_port;
+      }
+      ds->addr_current_at = cert->cache_info.published_on;
+    }
 
     if (!from_store)
       trusted_dir_servers_certs_changed = 1;
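Review bot: After `ds->addr = cert->addr; ds->dir_port = cert->dir_port;` the string field `ds->address`, which the log call just above prints as the old address, is left unchanged, so later log lines and any other reader of `ds->address` keep reporting the pre-certificate location. `trusted_dir_server_t` also carries a `fake_status` that is passed to `directory_initiate_command_*` (per its comment in or.h); if it holds its own copy of the address and port, which is not visible here, it needs the same update or requests may still go to the old address. Assuming `ds->address` is heap-owned, the string from `tor_dup_addr()` could be kept instead of freed: `tor_free(ds->address); ds->address = a;`. The log text reads "based on in certificate", where `based on certificate.` is presumably intended. The function body starts and ends outside this hunk, so whether the certificate's signature and expiry are checked before this point cannot be confirmed from here.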