Opened 11 years ago

Last modified 7 years ago

#546 closed defect (Fixed)

missing cert launches never back off

Reported by: arma Owned by:
Priority: High Milestone: 0.2.0.10-alpha
Component: Core Tor/Tor Version: 0.2.0.9-alpha
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I just added ides as a new v3 authority to my config.c (on moria[12] and on my
bridge relay), and now

Nov 07 16:24:07.260 [notice] Launching request for 1 missing certificates
Nov 07 16:24:07.261 [warn] Received http status code 404 ("Not found") from serv
er '128.31.0.34:9031' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BC
EB6BCC86956".
Nov 07 16:24:07.261 [notice] Launching request for 1 missing certificates
Nov 07 16:24:07.469 [warn] Received http status code 404 ("Not found") from serv
er '86.59.21.38:80' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB
6BCC86956".
Nov 07 16:24:07.469 [notice] Launching request for 1 missing certificates
Nov 07 16:24:07.616 [warn] Received http status code 404 ("Not found") from serv
er '216.224.124.114:9030' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488A
A5BCEB6BCC86956".
Nov 07 16:24:07.616 [notice] Launching request for 1 missing certificates
Nov 07 16:24:07.616 [warn] Received http status code 404 ("Not found") from serv
er '128.31.0.34:9031' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BC
EB6BCC86956".
Nov 07 16:24:07.617 [notice] Launching request for 1 missing certificates
Nov 07 16:24:07.618 [warn] Received http status code 404 ("Not found") from server '128.31.0.34:9031' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".

it repeats ad infinitum without ever backing off.

(The other half of the bug might be that this cert isn't to be found anywhere,
even though ides is running. How are certs for new authorities supposed to get
spread around the network?)

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (9)

comment:1 Changed 11 years ago by nickm

they publish them as part of their vote.

comment:2 Changed 11 years ago by arma

Ok. So what am I supposed to do? Wait until it generates another vote? Do I need
to keep moria1 up so it will accept the vote? If so, should it perhaps try to fetch the
vote from the person it's so verbosely complaining about? Or is this a rare enough
event that more code isn't needed?

In any case, backing off is probably a useful bugfix.

comment:3 Changed 11 years ago by nickm

So, this shouldn't be happening. :)

When a cert download fails, we're supposed to calll connection_dir_download_failed(), which is supposed to
increment the failure count in the trusted_dir_server_t's cert_dl_status field. Later, in
authority_cert_fetch_missing(), we only try to fetch the certificate if download_status_is_ready thinks that
the cert_dl_status field is ready to get retried.

comment:4 Changed 11 years ago by nickm

Ok. So what am I supposed to do?

Upgrade to r12425. ;)

comment:5 Changed 11 years ago by arma

Now on my bridge, it tries once a minute to get the cert from ides:

Nov 07 20:17:24.184 [info] routerlist_remove_old_routers(): We have 2300 live ro
uters and 14488 old router descriptors. At most 2610 must be retained because of

networkstatuses.

Nov 07 20:17:24.195 [notice] Launching request for 1 missing certificates
Nov 07 20:17:24.347 [info] connection_dir_client_reached_eof(): Received authori
ty certificates (size 1634) from server '216.224.124.114:9030'
Nov 07 20:17:24.348 [info] connection_dir_client_reached_eof(): Successfully loa
ded certificates from fetch.
Nov 07 20:17:35.205 [info] update_consensus_router_descriptor_downloads(): 0 rou
ter descriptors downloadable. 0 delayed; 2216 present (0 of those were in old_ro
uters); 0 would_reject; 0 wouldnt_use, 0 in progress.
Nov 07 20:18:25.226 [info] routerlist_remove_old_routers(): We have 2300 live ro
uters and 14488 old router descriptors. At most 2610 must be retained because of

networkstatuses.

Nov 07 20:18:25.237 [notice] Launching request for 1 missing certificates
Nov 07 20:18:25.239 [info] connection_dir_client_reached_eof(): Received authori
ty certificates (size 1634) from server '128.31.0.34:9031'
Nov 07 20:18:25.239 [info] connection_dir_client_reached_eof(): Successfully loa
ded certificates from fetch.
Nov 07 20:18:36.259 [info] update_consensus_router_descriptor_downloads(): 0 rou
ter descriptors downloadable. 0 delayed; 2216 present (0 of those were in old_ro
uters); 0 would_reject; 0 wouldnt_use, 0 in progress.

It appears to be fetching the cert from ides, noticing it already has it, but not
noticing that it should stop trying?

My tor client (r12427) appears to be doing something similar:
Nov 07 20:21:45.909 [debug] connection_dir_client_reached_eof(): Received respon
se from directory server '85.25.253.169:9001': 200 "OK"
Nov 07 20:21:45.909 [debug] connection_dir_client_reached_eof(): Time on receive
d directory is within tolerance; we are 63 seconds skewed. (That's okay.)
Nov 07 20:21:45.909 [info] connection_dir_client_reached_eof(): Received authori
ty certificates (size 1634) from server '85.25.253.169:9001'
Nov 07 20:21:45.909 [debug] authority_cert_parse_from_string(): We already check
ed the signature on this certificate; no need to do so again.
Nov 07 20:21:45.909 [info] connection_dir_client_reached_eof(): Successfully loa
ded certificates from fetch.

comment:6 Changed 11 years ago by nickm

I've added some log messages to try to track this better if it comes back.

comment:7 Changed 11 years ago by nickm

I believe that this bug is dead, and is either reincarnated or replaced by 569 and 570. Marking this one
fixed.

comment:8 Changed 11 years ago by nickm

flyspray2trac: bug closed.

comment:9 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.