Commit a159eaf4 authored by Nick Mathewson's avatar Nick Mathewson 🦀

Merge branch 'maint-0.3.2' into maint-0.3.3

parents 15d7f24c fea35ddf

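--- /dev/null
+++ b/changes/bug26924
@@ -0,0 +1,4 @@
+  o Minor bugfixes (single onion services, Tor2web):
+    - Log a protocol warning when single onion services or Tor2web clients
+      fail to authenticate direct connections to relays.
+      Fixes bug 26924; bugfix on 0.2.9.1-alpha.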

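--- /dev/null
+++ b/changes/bug26927
@@ -0,0 +1,4 @@
+  o Minor bugfixes (logging):
+    - Improve the log message when connection initiators fail to authenticate
+      direct connections to relays.
+      Fixes bug 26927; bugfix on 0.3.0.1-alpha.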
+9 −5
@@ -50,6 +50,7 @@
#include "proto_cell.h"
#include "reasons.h"
#include "relay.h"
#include "rendcommon.h"
#include "rephist.h"
#include "router.h"
#include "routerkeys.h"
@@ -1923,10 +1924,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
                                                   conn->identity_digest);
    const int is_authority_fingerprint = router_digest_is_trusted_dir(
                                                   conn->identity_digest);
    const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options);
    int severity;
    const char *extra_log = "";

    if (server_mode(options)) {
    /* Relays, Single Onion Services, and Tor2web make direct connections using
     * untrusted authentication keys. */
    if (server_mode(options) || non_anonymous_mode) {
      severity = LOG_PROTOCOL_WARN;
    } else {
      if (using_hardcoded_fingerprints) {
@@ -1950,8 +1954,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
    }

    log_fn(severity, LD_HANDSHAKE,
           "Tried connecting to router at %s:%d, but RSA identity key was not "
           "as expected: wanted %s + %s but got %s + %s.%s",
           "Tried connecting to router at %s:%d, but RSA + ed25519 identity "
           "keys were not as expected: wanted %s + %s but got %s + %s.%s",
           conn->base_.address, conn->base_.port,
           expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log);

@@ -1968,8 +1972,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
  }

  if (!expected_ed_key && ed_peer_id) {
    log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this "
             "connection.");
    log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this "
             "connection.)");
    connection_or_set_identity_digest(conn,
                                      (const char*)rsa_peer_id, ed_peer_id);
    changed_identity = 1;
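Review bot: The comment added above `if (server_mode(options) || non_anonymous_mode)` says these modes use "untrusted authentication keys" without saying what is untrusted or why that lowers the severity, which is the reasoning a maintainer needs before touching this branch. Assuming the intent is that the expected identity comes from a remote party rather than from local configuration, I would spell it out: `/* Relays, Single Onion Services, and Tor2web connect directly to relays whose expected identity keys come from an untrusted source, so a mismatch is a protocol warning, not a local error. */`. For operators, note that LOG_PROTOCOL_WARN is, as far as I know, only emitted at warn level when ProtocolWarnings is enabled, so in these modes a failed relay authentication is logged at info level by default; anyone monitoring for identity mismatches should account for that. The function begins before and continues past the hunks shown here.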