diff options
author | Christian Grothoff <christian@grothoff.org> | 2019-06-05 23:38:28 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-06-05 23:51:26 +0200 |
commit | 69a07468de8555d5260afab4019e34f40e5ec6be (patch) | |
tree | 57aa9a3093c8aa10c789391f4c6a010304aecbfd /src | |
parent | 2f0015b80385364ffbacca71504a96a46db6f0e0 (diff) |
working on fix for #5747
Diffstat (limited to 'src')
-rw-r--r-- | src/exchange/exchange.conf | 6 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd.c | 26 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd.h | 5 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keystate.c | 10 | ||||
-rw-r--r-- | src/lib/exchange_api_handle.c | 22 |
5 files changed, 52 insertions, 17 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index 87b6f18c3..7fe737b72 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -15,6 +15,12 @@ REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/ # This must be adjusted to your actually installation. # MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG +# How long do we allow /keys to be cached at most? The actual +# limit is the minimum of this value and the first expected +# significant change in /keys based on the expiration times. +# Used to artifically reduce caching (addresses #5747). +MAX_KEYS_CACHING = forever + # How to access our database DB = postgres diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index b24feef61..45e0c764b 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -98,6 +98,11 @@ char *TEH_revocation_directory; struct GNUNET_CONFIGURATION_Handle *cfg; /** + * How long is caching /keys allowed at most? + */ +struct GNUNET_TIME_Relative max_keys_caching; + +/** * Master public key (according to the * configuration in the exchange directory). */ @@ -370,8 +375,8 @@ handle_mhd_request (void *cls, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, { "/test/eddsa", MHD_HTTP_METHOD_POST, "application/json", - NULL, 0, - &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK }, + NULL, 0, + &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK }, { "/test/eddsa", NULL, "text/plain", "Only POST is allowed", 0, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, @@ -391,13 +396,12 @@ handle_mhd_request (void *cls, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, { "/test/transfer", MHD_HTTP_METHOD_POST, "application/json", - NULL, 0, - &TEH_TEST_handler_test_transfer, MHD_HTTP_OK }, + NULL, 0, + &TEH_TEST_handler_test_transfer, MHD_HTTP_OK }, { "/test/transfer", NULL, "text/plain", "Only POST is allowed", 0, &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, #endif - { NULL, NULL, NULL, NULL, 0, 0 } }; static struct TEH_RequestHandler h404 = @@ -606,6 +610,18 @@ exchange_serve_process_config () char *TEH_master_public_key_str; if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (cfg, + "exchange", + "MAX_KEYS_CACHING", + &max_keys_caching)) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "exchange", + "MAX_KEYS_CACHING", + "valid relative time expected"); + return GNUNET_SYSERR; + } + if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "exchange", "KEYDIR", diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index ef380e8c4..bf0653606 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h @@ -39,6 +39,11 @@ extern char *TEH_exchange_currency_string; extern int TEH_exchange_connection_close; /** + * How long is caching /keys allowed at most? + */ +extern struct GNUNET_TIME_Relative max_keys_caching; + +/** * The exchange's configuration. */ extern struct GNUNET_CONFIGURATION_Handle *cfg; diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c index 8b56813e3..7d6bb08a3 100644 --- a/src/exchange/taler-exchange-httpd_keystate.c +++ b/src/exchange/taler-exchange-httpd_keystate.c @@ -1166,8 +1166,16 @@ setup_general_response_headers (const struct TEH_KS_StateHandle *key_state, dat)); if (0 != key_state->next_reload.abs_value_us) { - get_date_string (key_state->next_reload, + struct GNUNET_TIME_Absolute m; + + m = GNUNET_TIME_relative_to_absolute (max_keys_caching); + m = GNUNET_TIME_absolute_min (m, + key_state->next_reload); + get_date_string (m, dat); + // FIXME: setting 'm' to FOREVER here exposes + // a crash-bug in lib/ where we access /keys + // data after it was already free'd! GNUNET_break (MHD_YES == MHD_add_response_header (response, MHD_HTTP_HEADER_EXPIRES, diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index f792e89de..9f02d7039 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -1251,29 +1251,29 @@ keys_completed_cb (void *cls, /* Old auditors got just copied into new ones. */ if (GNUNET_OK != decode_keys_json (j, - GNUNET_YES, + GNUNET_YES, &kd, - &vc)) + &vc)) { TALER_LOG_ERROR ("Could not decode /keys response\n"); response_code = 0; for (unsigned int i=0;i<kd.num_auditors;i++) { - struct TALER_EXCHANGE_AuditorInformation *anew = &kd.auditors[i]; + struct TALER_EXCHANGE_AuditorInformation *anew = &kd.auditors[i]; - GNUNET_array_grow (anew->denom_keys, - anew->num_denom_keys, - 0); - GNUNET_free (anew->auditor_url); + GNUNET_array_grow (anew->denom_keys, + anew->num_denom_keys, + 0); + GNUNET_free (anew->auditor_url); } GNUNET_free (kd.auditors); kd.auditors = NULL; kd.num_auditors = 0; for (unsigned int i=0;i<kd_old.num_denom_keys;i++) - GNUNET_CRYPTO_rsa_public_key_free (kd.denom_keys[i].key.rsa_public_key); + GNUNET_CRYPTO_rsa_public_key_free (kd.denom_keys[i].key.rsa_public_key); GNUNET_array_grow (kd.denom_keys, - kd.denom_keys_size, - 0); + kd.denom_keys_size, + 0); kd.num_denom_keys = 0; break; } @@ -1319,7 +1319,7 @@ keys_completed_cb (void *cls, /* notify application about the key information */ exchange->cert_cb (exchange->cert_cb_cls, &exchange->key_data, - vc); + vc); free_key_data (&kd_old); } |