working on fix for #5747

src/exchange/exchange.conf

@@ -15,6 +15,12 @@ REVOCATION_DIR = ${TALER_DATA_HOME}/exchange/revocations/
 # This must be adjusted to your actually installation.
 # MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG
 
+# How long do we allow /keys to be cached at most? The actual
+# limit is the minimum of this value and the first expected
+# significant change in /keys based on the expiration times.
+# Used to artifically reduce caching (addresses #5747).
+MAX_KEYS_CACHING = forever
+
 # How to access our database
 DB = postgres
 

src/exchange/taler-exchange-httpd.c

@@ -97,6 +97,11 @@ char *TEH_revocation_directory;
  */
 struct GNUNET_CONFIGURATION_Handle *cfg;
 
+/**
+ * How long is caching /keys allowed at most?
+ */
+struct GNUNET_TIME_Relative max_keys_caching;
+
 /**
  * Master public key (according to the
  * configuration in the exchange directory).
@@ -370,8 +375,8 @@ handle_mhd_request (void *cls,
         &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
 
       { "/test/eddsa", MHD_HTTP_METHOD_POST, "application/json",
-	NULL, 0,
-	&TEH_TEST_handler_test_eddsa, MHD_HTTP_OK },
+        NULL, 0,
+        &TEH_TEST_handler_test_eddsa, MHD_HTTP_OK },
       { "/test/eddsa", NULL, "text/plain",
         "Only POST is allowed", 0,
         &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
@@ -391,13 +396,12 @@ handle_mhd_request (void *cls,
         &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
 
       { "/test/transfer", MHD_HTTP_METHOD_POST, "application/json",
-	NULL, 0,
-	&TEH_TEST_handler_test_transfer, MHD_HTTP_OK },
+        NULL, 0,
+        &TEH_TEST_handler_test_transfer, MHD_HTTP_OK },
       { "/test/transfer", NULL, "text/plain",
         "Only POST is allowed", 0,
         &TEH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
 #endif
-
       { NULL, NULL, NULL, NULL, 0, 0 }
     };
   static struct TEH_RequestHandler h404 =
@@ -605,6 +609,18 @@ exchange_serve_process_config ()
 {
   char *TEH_master_public_key_str;
 
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_time (cfg,
+                                           "exchange",
+                                           "MAX_KEYS_CACHING",
+                                           &max_keys_caching))
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange",
+                               "MAX_KEYS_CACHING",
+                               "valid relative time expected");
+    return GNUNET_SYSERR;
+  }
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_filename (cfg,
                                                "exchange",

src/exchange/taler-exchange-httpd.h

@@ -38,6 +38,11 @@ extern char *TEH_exchange_currency_string;
  */
 extern int TEH_exchange_connection_close;
 
+/**
+ * How long is caching /keys allowed at most?
+ */
+extern struct GNUNET_TIME_Relative max_keys_caching;
+
 /**
  * The exchange's configuration.
  */

src/exchange/taler-exchange-httpd_keystate.c

@@ -1166,8 +1166,16 @@ setup_general_response_headers (const struct TEH_KS_StateHandle *key_state,
                                          dat));
   if (0 != key_state->next_reload.abs_value_us)
   {
-    get_date_string (key_state->next_reload,
+    struct GNUNET_TIME_Absolute m;
+
+    m = GNUNET_TIME_relative_to_absolute (max_keys_caching);
+    m = GNUNET_TIME_absolute_min (m,
+                                  key_state->next_reload);
+    get_date_string (m,
                      dat);
+    // FIXME: setting 'm' to FOREVER here exposes
+    // a crash-bug in lib/ where we access /keys
+    // data after it was already free'd!
     GNUNET_break (MHD_YES ==
                   MHD_add_response_header (response,
                                            MHD_HTTP_HEADER_EXPIRES,

src/lib/exchange_api_handle.c

@@ -1251,29 +1251,29 @@ keys_completed_cb (void *cls,
     /* Old auditors got just copied into new ones.  */
     if (GNUNET_OK !=
         decode_keys_json (j,
-			  GNUNET_YES,
+                          GNUNET_YES,
                           &kd,
-			  &vc))
+                          &vc))
     {
       TALER_LOG_ERROR ("Could not decode /keys response\n");
       response_code = 0;
       for (unsigned int i=0;i<kd.num_auditors;i++)
       {
-	struct TALER_EXCHANGE_AuditorInformation *anew = &kd.auditors[i];
+        struct TALER_EXCHANGE_AuditorInformation *anew = &kd.auditors[i];
 
-	GNUNET_array_grow (anew->denom_keys,
-			   anew->num_denom_keys,
-			   0);
-	GNUNET_free (anew->auditor_url);
+        GNUNET_array_grow (anew->denom_keys,
+                           anew->num_denom_keys,
+                           0);
+        GNUNET_free (anew->auditor_url);
       }
       GNUNET_free (kd.auditors);
       kd.auditors = NULL;
       kd.num_auditors = 0;
       for (unsigned int i=0;i<kd_old.num_denom_keys;i++)
-	GNUNET_CRYPTO_rsa_public_key_free (kd.denom_keys[i].key.rsa_public_key);
+        GNUNET_CRYPTO_rsa_public_key_free (kd.denom_keys[i].key.rsa_public_key);
       GNUNET_array_grow (kd.denom_keys,
-			 kd.denom_keys_size,
-			 0);
+                         kd.denom_keys_size,
+                         0);
       kd.num_denom_keys = 0;
       break;
     }
@@ -1319,7 +1319,7 @@ keys_completed_cb (void *cls,
   /* notify application about the key information */
   exchange->cert_cb (exchange->cert_cb_cls,
                      &exchange->key_data,
-		     vc);
+                     vc);
   free_key_data (&kd_old);
 }