Disable encrypted directory connections when we don't have a server

descriptor for the destination. We'll get this working again in
the 0.2.0 branch.


svn:r9700

ChangeLog

@@ -33,6 +33,9 @@ Changes in version 0.1.2.9-??? - 2007-??-??
       configuration values on mingw; the high-order 32 bits would get
       truncated.  If the value was then reloaded, disaster would
       occur. (Fixes bug 400 and maybe also bug 397.)
+    - Disable encrypted directory connections when we don't have a server
+      descriptor for the destination. We'll get this working again in
+      the 0.2.0 branch.
 
 
 Changes in version 0.1.2.8-beta - 2007-02-26

doc/TODO

@@ -35,7 +35,7 @@ N - Test guard unreachable logic; make sure that we actually attempt to
     directory port."
     o Implement
     D turn the received socks addr:port into a digest for setting .exit
-R   - be able to connect without having a server descriptor, to bootstrap.
+    D be able to connect without having a server descriptor, to bootstrap.
     D handle connect-dir streams that don't have a chosen_exit_name set.
     o include ORPort in DirServers lines so we can know where to connect.
       list the orport as 0 if it can't handle begin_dir.
@@ -43,7 +43,7 @@ R   - be able to connect without having a server descriptor, to bootstrap.
 
   . option to dl directory info via tor:
     TunnelDirConns and PreferTunneledDirConns
-R   - actually cause the directory.c functions to know about or_port
+    D actually cause the directory.c functions to know about or_port
       and use it when we're supposed to.
     o for tunneled edge conns, stop reading to the bridge connection
       when the or_conn we're writing to has a full outbuf.

src/or/directory.c

@@ -372,7 +372,8 @@ directory_initiate_command(const char *address, uint32_t addr,
 {
   dir_connection_t *conn;
   or_options_t *options = get_options();
-  int want_to_tunnel = options->TunnelDirConns && supports_begindir;
+  int want_to_tunnel = options->TunnelDirConns && supports_begindir &&
+                       router_get_by_digest(digest);
 
   tor_assert(address);
   tor_assert(addr);

src/or/routerlist.c

@@ -561,6 +561,7 @@ router_pick_directory_server_impl(int requireother, int fascistfirewall,
     if (fascistfirewall &&
         prefer_tunnel &&
         status->version_supports_begindir &&
+        router_get_by_digest(status->identity_digest) &&
         fascist_firewall_allows_address_or(status->addr, status->or_port))
       smartlist_add(is_trusted ? trusted_tunnel :
                       is_overloaded ? overloaded_tunnel : tunnel, status);
@@ -639,6 +640,7 @@ router_pick_trusteddirserver_impl(authority_type_t type,
       if (fascistfirewall &&
           prefer_tunnel &&
           d->or_port &&
+          router_get_by_digest(d->digest) &&
           fascist_firewall_allows_address_or(d->addr, d->or_port))
         smartlist_add(is_overloaded ? overloaded_tunnel : tunnel,
                       &d->fake_status.status);