aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2019-06-05 23:38:28 +0200
committerChristian Grothoff <christian@grothoff.org>2019-06-05 23:51:26 +0200
commit69a07468de8555d5260afab4019e34f40e5ec6be (patch)
tree57aa9a3093c8aa10c789391f4c6a010304aecbfd /src
parent2f0015b80385364ffbacca71504a96a46db6f0e0 (diff)
working on fix for #5747
Diffstat (limited to 'src')
-rw-r--r--src/exchange/exchange.conf6
-rw-r--r--src/exchange/taler-exchange-httpd.c26
-rw-r--r--src/exchange/taler-exchange-httpd.h5
-rw-r--r--src/exchange/taler-exchange-httpd_keystate.c10
-rw-r--r--src/lib/exchange_api_handle.c22
5 files changed, 52 insertions, 17 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index 87b6f18c3..7fe737b72 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -15,6 +15,12 @@ REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/
# This must be adjusted to your actually installation.
# MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG
+# How long do we allow /keys to be cached at most? The actual
+# limit is the minimum of this value and the first expected
+# significant change in /keys based on the expiration times.
+# Used to artifically reduce caching (addresses #5747).
+MAX_KEYS_CACHING = forever
+
# How to access our database
DB = postgres
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index b24feef61..45e0c764b 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -98,6 +98,11 @@ char *TEH_revocation_directory;
struct GNUNET_CONFIGURATION_Handle *cfg;
/**
+ * How long is caching /keys allowed at most?
+ */
+struct GNUNET_TIME_Relative max_keys_caching;
+
+/**
* Master public key (according to the
* configuration in the exchange directory).
*/
@@ -370,8 +375,8 @@ handle_mhd_request (void *cls,
&TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
{ "/test/eddsa", MHD_HTTP_METHOD_POST, "application/json",
- NULL, 0,
- &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK },
+ NULL, 0,
+ &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK },
{ "/test/eddsa", NULL, "text/plain",
"Only POST is allowed", 0,
&TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
@@ -391,13 +396,12 @@ handle_mhd_request (void *cls,
&TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
{ "/test/transfer", MHD_HTTP_METHOD_POST, "application/json",
- NULL, 0,
- &TEH_TEST_handler_test_transfer, MHD_HTTP_OK },
+ NULL, 0,
+ &TEH_TEST_handler_test_transfer, MHD_HTTP_OK },
{ "/test/transfer", NULL, "text/plain",
"Only POST is allowed", 0,
&TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
#endif
-
{ NULL, NULL, NULL, NULL, 0, 0 }
};
static struct TEH_RequestHandler h404 =
@@ -606,6 +610,18 @@ exchange_serve_process_config ()
char *TEH_master_public_key_str;
if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_time (cfg,
+ "exchange",
+ "MAX_KEYS_CACHING",
+ &max_keys_caching))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "MAX_KEYS_CACHING",
+ "valid relative time expected");
+ return GNUNET_SYSERR;
+ }
+ if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (cfg,
"exchange",
"KEYDIR",
diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h
index ef380e8c4..bf0653606 100644
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@@ -39,6 +39,11 @@ extern char *TEH_exchange_currency_string;
extern int TEH_exchange_connection_close;
/**
+ * How long is caching /keys allowed at most?
+ */
+extern struct GNUNET_TIME_Relative max_keys_caching;
+
+/**
* The exchange's configuration.
*/
extern struct GNUNET_CONFIGURATION_Handle *cfg;
diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c
index 8b56813e3..7d6bb08a3 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -1166,8 +1166,16 @@ setup_general_response_headers (const struct TEH_KS_StateHandle *key_state,
dat));
if (0 != key_state->next_reload.abs_value_us)
{
- get_date_string (key_state->next_reload,
+ struct GNUNET_TIME_Absolute m;
+
+ m = GNUNET_TIME_relative_to_absolute (max_keys_caching);
+ m = GNUNET_TIME_absolute_min (m,
+ key_state->next_reload);
+ get_date_string (m,
dat);
+ // FIXME: setting 'm' to FOREVER here exposes
+ // a crash-bug in lib/ where we access /keys
+ // data after it was already free'd!
GNUNET_break (MHD_YES ==
MHD_add_response_header (response,
MHD_HTTP_HEADER_EXPIRES,
diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c
index f792e89de..9f02d7039 100644
--- a/src/lib/exchange_api_handle.c
+++ b/src/lib/exchange_api_handle.c
@@ -1251,29 +1251,29 @@ keys_completed_cb (void *cls,
/* Old auditors got just copied into new ones. */
if (GNUNET_OK !=
decode_keys_json (j,
- GNUNET_YES,
+ GNUNET_YES,
&kd,
- &vc))
+ &vc))
{
TALER_LOG_ERROR ("Could not decode /keys response\n");
response_code = 0;
for (unsigned int i=0;i<kd.num_auditors;i++)
{
- struct TALER_EXCHANGE_AuditorInformation *anew = &kd.auditors[i];
+ struct TALER_EXCHANGE_AuditorInformation *anew = &kd.auditors[i];
- GNUNET_array_grow (anew->denom_keys,
- anew->num_denom_keys,
- 0);
- GNUNET_free (anew->auditor_url);
+ GNUNET_array_grow (anew->denom_keys,
+ anew->num_denom_keys,
+ 0);
+ GNUNET_free (anew->auditor_url);
}
GNUNET_free (kd.auditors);
kd.auditors = NULL;
kd.num_auditors = 0;
for (unsigned int i=0;i<kd_old.num_denom_keys;i++)
- GNUNET_CRYPTO_rsa_public_key_free (kd.denom_keys[i].key.rsa_public_key);
+ GNUNET_CRYPTO_rsa_public_key_free (kd.denom_keys[i].key.rsa_public_key);
GNUNET_array_grow (kd.denom_keys,
- kd.denom_keys_size,
- 0);
+ kd.denom_keys_size,
+ 0);
kd.num_denom_keys = 0;
break;
}
@@ -1319,7 +1319,7 @@ keys_completed_cb (void *cls,
/* notify application about the key information */
exchange->cert_cb (exchange->cert_cb_cls,
&exchange->key_data,
- vc);
+ vc);
free_key_data (&kd_old);
}