Skip to content

hs: Report configuration error on the control port

Hi lovely network team folks. Few days ago Stem's integ tests started failing with...

======================================================================
ERROR: test_hidden_services_conf
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/atagar/Desktop/stem/test/require.py", line 58, in wrapped
    return func(self, *args, **kwargs)
  File "/home/atagar/Desktop/stem/test/integ/control/controller.py", line 458, in test_hidden_services_conf
    controller.set_hidden_service_conf(initialconf)
  File "/home/atagar/Desktop/stem/stem/control.py", line 2614, in set_hidden_service_conf
    self.set_options(hidden_service_options)
  File "/home/atagar/Desktop/stem/stem/control.py", line 2451, in set_options
    raise stem.InvalidRequest(response.code, response.message)
InvalidRequest: Unacceptable option value: Failed to configure rendezvous options. See logs for details.

----------------------------------------------------------------------

Narrowing this down to a telnet repro with the present tor head (commit fd994f5) gives the following...

% cat ~/.tor/torrc
SocksPort 0
ControlPort 9051
ExitPolicy reject *:*


% telnet localhost 9051

AUTHENTICATE
250 OK

SETCONF HiddenServiceDir="/tmp/test_hidden_service" HiddenServicePort="8030 127.0.0.1:8030" HiddenServiceAuthorizeClient="stealth a, b"
513 Unacceptable option value: Failed to configure rendezvous options. See logs for details.

Error responses should not cite log output. That aside, here's what logs say...

Sep 04 10:47:19.000 [warn] Hidden service option HiddenServiceAuthorizeClient is incompatible with version 3 of service in /tmp/test_hidden_service
Sep 04 10:47:19.000 [warn] Controller gave us config lines that didn't validate: Failed to configure rendezvous options. See logs for details.

My understanding is that hidden services that are configured through the torrc are v2, whereas ephemeral hidden services are v2 or v3 based on the key type (RSA1024 for v2 and ED25519-V3 for v3).

Seems this changed and now torrcs create v3 rather than v2 services? Is this intentional? Since this breaks backward compatibility I assume this means we're dropping v2 hidden services in the next tor release?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information