Tor
0.4.7.0-alpha-dev
|
Header file for authcert.c. More...
#include "lib/testsupport/testsupport.h"
Go to the source code of this file.
Macros | |
#define | TRUSTED_DIRS_CERTS_SRC_SELF 0 |
#define | TRUSTED_DIRS_CERTS_SRC_FROM_STORE 1 |
#define | TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST 2 |
#define | TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST 3 |
#define | TRUSTED_DIRS_CERTS_SRC_FROM_VOTE 4 |
#define | authority_cert_free(cert) FREE_AND_NULL(authority_cert_t, authority_cert_free_, (cert)) |
Header file for authcert.c.
Definition in file authcert.h.
void authority_cert_dl_failed | ( | const char * | id_digest, |
const char * | signing_key_digest, | ||
int | status | ||
) |
Called when an attempt to download a certificate with the authority with ID id_digest and, if not NULL, signed with key signing_key_digest fails with HTTP response code status: remember the failure, so we don't try again immediately.
Definition at line 681 of file authcert.c.
int authority_cert_dl_looks_uncertain | ( | const char * | id_digest | ) |
Return true iff when we've been getting enough failures when trying to download the certificate with ID digest id_digest that we're willing to start bugging the user about it.
Definition at line 763 of file authcert.c.
void authority_cert_free_ | ( | authority_cert_t * | cert | ) |
Free storage held in cert.
Definition at line 1162 of file authcert.c.
void authority_cert_get_all | ( | smartlist_t * | certs_out | ) |
Add every known authority_cert_t to certs_out.
Definition at line 664 of file authcert.c.
Referenced by handle_get_keys().
authority_cert_t* authority_cert_get_by_digests | ( | const char * | id_digest, |
const char * | sk_digest | ||
) |
Return the v3 authority certificate with signing key matching sk_digest, for the authority with identity digest id_digest. Return NULL if no such authority is known.
Definition at line 648 of file authcert.c.
authority_cert_t* authority_cert_get_by_sk_digest | ( | const char * | sk_digest | ) |
Return the newest v3 authority certificate whose directory signing key has digest sk_digest. Return NULL if no such certificate is known.
Definition at line 621 of file authcert.c.
authority_cert_t* authority_cert_get_newest_by_id | ( | const char * | id_digest | ) |
Return the newest v3 authority certificate whose v3 authority identity key has digest id_digest. Return NULL if no such authority is known, or it has no certificate.
Definition at line 601 of file authcert.c.
int authority_cert_is_denylisted | ( | const authority_cert_t * | cert | ) |
Return true iff cert authenticates some atuhority signing key which, because of the old openssl heartbleed vulnerability, should never be trusted.
Definition at line 744 of file authcert.c.
void authority_certs_fetch_missing | ( | networkstatus_t * | status, |
time_t | now, | ||
const char * | dir_hint | ||
) |
Try to download any v3 authority certificates that we may be missing. If status is provided, try to get all the ones that were used to sign status. Additionally, try to have a non-expired certificate for every V3 authority in trusted_dir_servers. Don't fetch certificates we already have.
If dir_hint is non-NULL, it's the identity digest for a directory that we've just successfully retrieved a consensus or certificates from, so try it first to fetch any missing certificates.
Definition at line 853 of file authcert.c.
Referenced by update_certificate_downloads().
download_status_t* download_status_for_authority_id_and_sk | ( | const char * | id_digest, |
const char * | sk_digest | ||
) |
Given an authority ID digest and a signing key digest, return the download_status_t or NULL if none exists.
Definition at line 282 of file authcert.c.
Referenced by getinfo_helper_downloads_cert().
download_status_t* id_only_download_status_for_authority_id | ( | const char * | digest | ) |
Given an authority ID digest, return a pointer to the default download status, or NULL if there is no such entry in trusted_dir_certs
Definition at line 227 of file authcert.c.
Referenced by getinfo_helper_downloads_cert().
smartlist_t* list_authority_ids_with_downloads | ( | void | ) |
Return a list of authority ID digests with potentially enumerable lists of download_status_t objects; used by controller GETINFO queries.
Definition at line 196 of file authcert.c.
Referenced by getinfo_helper_downloads_cert().
smartlist_t* list_sk_digests_for_authority_id | ( | const char * | digest | ) |
Given an authority ID digest, return a smartlist of signing key digests for which download_status_t is potentially queryable, or NULL if no such authority ID digest is known.
Definition at line 247 of file authcert.c.
Referenced by getinfo_helper_downloads_cert().
void trusted_dirs_flush_certs_to_disk | ( | void | ) |
Save all v3 key certificates to the cached-certs file.
Definition at line 499 of file authcert.c.
int trusted_dirs_load_certs_from_string | ( | const char * | contents, |
int | source, | ||
int | flush, | ||
const char * | source_dir | ||
) |
Load a bunch of new key certificates from the string contents. If source is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are from the cache, and we don't need to flush them to disk. If we are a dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF. Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If flush is true, we need to flush any changed certificates to disk now. Return 0 on success, -1 if any certs fail to parse.
If source_dir is non-NULL, it's the identity digest for a directory that we've just successfully retrieved certificates from, so try it first to fetch any missing certificates.
Definition at line 373 of file authcert.c.
int trusted_dirs_reload_certs | ( | void | ) |
Reload the cached v3 key certificates from the cached-certs file in the data directory. Return 0 on success, -1 on failure.
Definition at line 324 of file authcert.c.
void trusted_dirs_remove_old_certs | ( | void | ) |
Remove all expired v3 authority certificates that have been superseded for more than 48 hours or, if not expired, that were published more than 7 days before being superseded. (If the most recent cert was published more than 48 hours ago, then we aren't going to get any consensuses signed with older keys.)
Definition at line 548 of file authcert.c.
Referenced by routerlist_remove_old_routers().