Commit 8aedc589 authored by David Goulet's avatar David Goulet 🔆 Committed by Nick Mathewson
Browse files

config: Remove WarnUnsafeSocks option

Deprecated in, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060
Signed-off-by: David Goulet's avatarDavid Goulet <>
parent 60cf5ac2
......@@ -15,3 +15,5 @@
- CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in and now has been rendered obsolete. Code has been removed
and feature no longer exists.
- WarnUnsafeSocks was deprecated in and now has been
rendered obsolete. Code has been removed and feature no longer exists.
......@@ -1271,12 +1271,6 @@ The following options are useful only for clients (that is, if
helps to determine whether an application using Tor is possibly leaking
DNS requests. (Default: 0)
[[WarnUnsafeSocks]] **WarnUnsafeSocks** **0**|**1**::
When this option is enabled, Tor will warn whenever a request is
received that only contains an IP address instead of a hostname. Allowing
applications to do DNS resolves themselves is usually a bad idea and
can leak your location to attackers. (Default: 1)
[[VirtualAddrNetworkIPv4]] **VirtualAddrNetworkIPv4** __Address__/__bits__ +
[[VirtualAddrNetworkIPv6]] **VirtualAddrNetworkIPv6** [__Address__]/__bits__::
......@@ -1319,7 +1319,7 @@ fetch_from_buf_http(buf_t *buf,
* Wait this many seconds before warning the user about using SOCKS unsafely
* again (requires that WarnUnsafeSocks is turned on). */
* again. */
/** Warn that the user application has made an unsafe socks request using
......@@ -1331,9 +1331,6 @@ log_unsafe_socks_warning(int socks_protocol, const char *address,
static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);
const or_options_t *options = get_options();
if (! options->WarnUnsafeSocks)
if (safe_socks) {
log_fn_ratelim(&socks_ratelim, LOG_WARN, LD_APP,
"Your application (using socks%d to port %d) is giving "
......@@ -402,7 +402,7 @@ static config_var_t option_vars_[] = {
V(Nickname, STRING, NULL),
V(PredictedPortsRelevanceTime, INTERVAL, "1 hour"),
V(WarnUnsafeSocks, BOOL, "1"),
VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
V(NumCPUs, UINT, "0"),
V(NumDirectoryGuards, UINT, "0"),
......@@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
"a wide variety of application-level attacks." },
{ "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
"easier to fingerprint, and may open you to esoteric attacks." },
{ "WarnUnsafeSocks", "Changing this option makes it easier for you "
"to accidentally lose your anonymity by leaking DNS information" },
{ "TLSECGroup", "The default is a nice secure choice; the other option "
"is less secure." },
{ "ControlListenAddress", "Use ControlPort instead." },
......@@ -4110,10 +4110,6 @@ typedef struct {
* selection. */
int AllowDotExit;
/** If true, we will warn if a user gives us only an IP address
* instead of a hostname. */
int WarnUnsafeSocks;
/** If true, we're configured to collect statistics on clients
* requesting network statuses from us as directory. */
int DirReqStatistics_option;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment