be less aggressive about deleting expired certs. based on patch from rovv. partial...

svn:r17246

diff --git a/ChangeLog b/ChangeLog
index 9556c678c3d897c7ad8a9e5f88dc26e534563467..04479234a1af8b8b0b4df3a0e5a5e4604d1d9461 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@ Changes in version 0.2.1.8-alpha - 2008-??-??
   o Minor bugfixes:
     - Get file locking working on win32.  Bugfix on 0.2.1.6-alpha.  Fixes
       bug 859.
+    - Made Tor a little less aggressive about deleting expired certificates.
+      Partial fix for bug 854.
 
   o Minor features (controller):
     - Return circuit purposes in response to GETINFO circuit-status.  Fixes

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index d68785ff9953336e3b219b175aa67b36f3da6a6f..a75bfc7a17619fb77748384517f4cb0b183b4d5f 100644 (file)
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -278,23 +278,40 @@ trusted_dirs_flush_certs_to_disk(void)
 static void
 trusted_dirs_remove_old_certs(void)
 {
-#define OLD_CERT_LIFETIME (48*60*60)
+  time_t now = time(NULL);
+#define DEAD_CERT_LIFETIME (2*24*60*60)
+#define OLD_CERT_LIFETIME (7*24*60*60)
   if (!trusted_dir_certs)
     return;
 
+  log_notice(LD_DIR, "REMOVE OLD");
+
   DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
     authority_cert_t *newest = NULL;
     SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
           if (!newest || (cert->cache_info.published_on >
                           newest->cache_info.published_on))
             newest = cert);
-    SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
-          if (newest && (newest->cache_info.published_on >
-                         cert->cache_info.published_on + OLD_CERT_LIFETIME)) {
-            SMARTLIST_DEL_CURRENT(cl->certs, cert);
-            authority_cert_free(cert);
-            trusted_dir_servers_certs_changed = 1;
-          });
+    if (newest) {
+      const time_t newest_published = newest->cache_info.published_on;
+      SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
+        int expired;
+        time_t cert_published;
+        if (newest == cert)
+          continue;
+        expired = ftime_definitely_after(now, cert->expires);
+        cert_published = cert->cache_info.published_on;
+        /* Store expired certs for 48 hours after a newer arrives;
+         */
+        if (expired ?
+            (newest_published + DEAD_CERT_LIFETIME < now) :
+            (cert_published + OLD_CERT_LIFETIME < newest_published)) {
+          SMARTLIST_DEL_CURRENT(cl->certs, cert);
+          authority_cert_free(cert);
+          trusted_dir_servers_certs_changed = 1;
+        }
+      } SMARTLIST_FOREACH_END(cert);
+    }
   } DIGESTMAP_FOREACH_END;
 #undef OLD_CERT_LIFETIME