
prop304: Implement SOCKS new HS error code

For TB to be able to alert the user that they need to input their client auth credentials, we need an appropriate control port event.

In particular:

  1. When Tor fails to decrypt the second layer of desc encryption, we issue the CLIENT_AUTH_NEEDED <onion> <reason> event. Tor does not go to fetch more descs from the hsdir for this onion.

  2. At the same time, we store the broken descriptor into the hs cache, with a special flag that says "missing client auth" and hence desc is NULL.

  3. When TB intercepts the event it presents the user with a dialogue (legacy/trac#30237 (moved)) and adds any client auth creds with the commands from legacy/trac#30381 (moved).

  4. As part of the legacy/trac#30381 (moved) commands the descriptor is decrypted.

  5. TB issues another SOCKS request which uses the right descriptor and goes forward.
