commit a159eaf45fb59fb47732d5d811db2cc78c02a960
parent 15d7f24c57828b94596ccfd97081840b920c2336
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 30 Jul 2018 08:45:01 -0400
Merge branch 'maint-0.3.2' into maint-0.3.3
Diffstat:
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/changes/bug26924 b/changes/bug26924
@@ -0,0 +1,4 @@
+ o Minor bugfixes (single onion services, Tor2web):
+ - Log a protocol warning when single onion services or Tor2web clients
+ fail to authenticate direct connections to relays.
+ Fixes bug 26924; bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug26927 b/changes/bug26927
@@ -0,0 +1,4 @@
+ o Minor bugfixes (logging):
+ - Improve the log message when connection initiators fail to authenticate
+ direct connections to relays.
+ Fixes bug 26927; bugfix on 0.3.0.1-alpha.
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
@@ -50,6 +50,7 @@
#include "proto_cell.h"
#include "reasons.h"
#include "relay.h"
+#include "rendcommon.h"
#include "rephist.h"
#include "router.h"
#include "routerkeys.h"
@@ -1923,10 +1924,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn->identity_digest);
const int is_authority_fingerprint = router_digest_is_trusted_dir(
conn->identity_digest);
+ const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options);
int severity;
const char *extra_log = "";
- if (server_mode(options)) {
+ /* Relays, Single Onion Services, and Tor2web make direct connections using
+ * untrusted authentication keys. */
+ if (server_mode(options) || non_anonymous_mode) {
severity = LOG_PROTOCOL_WARN;
} else {
if (using_hardcoded_fingerprints) {
@@ -1950,8 +1954,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
}
log_fn(severity, LD_HANDSHAKE,
- "Tried connecting to router at %s:%d, but RSA identity key was not "
- "as expected: wanted %s + %s but got %s + %s.%s",
+ "Tried connecting to router at %s:%d, but RSA + ed25519 identity "
+ "keys were not as expected: wanted %s + %s but got %s + %s.%s",
conn->base_.address, conn->base_.port,
expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log);
@@ -1968,8 +1972,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
}
if (!expected_ed_key && ed_peer_id) {
- log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this "
- "connection.");
+ log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this "
+ "connection.)");
connection_or_set_identity_digest(conn,
(const char*)rsa_peer_id, ed_peer_id);
changed_identity = 1;
