Commit 5e836eb8 authored by George Kadianakis's avatar George Kadianakis Committed by David Goulet
Browse files

Add warning when trying to connect to deprecated v2 onions.

parent f230bead
Loading
Loading
Loading
Loading

changes/ticket40373

0 → 100644
+3 −0
Original line number Diff line number Diff line
  o Minor features (onion services):
    - Add warning message when connecting to deprecated v2 onions.
      Closes ticket 40373.
 No newline at end of file
+14 −1
Original line number Diff line number Diff line
@@ -2242,7 +2242,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
  }

  /* Now, we handle everything that isn't a .onion address. */
  if (addresstype != ONION_V3_HOSTNAME) {
  if (addresstype != ONION_V3_HOSTNAME && addresstype != ONION_V2_HOSTNAME) {
    /* Not a hidden-service request.  It's either a hostname or an IP,
     * possibly with a .exit that we stripped off.  We're going to check
     * if we're allowed to connect/resolve there, and then launch the
@@ -2527,6 +2527,19 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
    return 0;
  } else {
    /* If we get here, it's a request for a .onion address! */

    /* We don't support v2 onions anymore. Log a warning and bail. */
    if (addresstype == ONION_V2_HOSTNAME) {
      log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but this "
               "version of Tor no longer supports them. Please encourage the "
               "site operator to upgrade. For more information see "
               "https://blog.torproject.org/v2-deprecation-timeline.");
      control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                  escaped(socks->address));
      connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
      return -1;
    }

    tor_assert(addresstype == ONION_V3_HOSTNAME);
    tor_assert(!automap);
    return connection_ap_handle_onion(conn, socks, circ);