commit f23d4df091a3b4c3933d041481316f624cdb98d1
parent fe68d83b246d8a5d0e6be90efaec2de6e922be62
Author: George Kadianakis <desnacked@riseup.net>
Date: Thu, 21 Nov 2019 13:03:44 +0200
Merge branch 'tor-github/pr/1555'
Diffstat:
4 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/changes/ticket30382 b/changes/ticket30382
@@ -0,0 +1,5 @@
+ o Major feature (onion service, SOCKS5):
+ - Introduce a new SocksPort flag named: ExtendedErrors. Detailed in
+ proposal 304, a number of onion service error codes are now sent back,
+ if this flag is set, with the SOCKS5 protocol using new custom error
+ values. Closes ticket 30382;
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
@@ -1418,37 +1418,43 @@ The following options are useful only for clients (that is, if
X'F0' Onion Service Descriptor Can Not be Found
The requested onion service descriptor can't be found on the
- hashring and thus not reachable by the client.
+ hashring and thus not reachable by the client. (v3 only)
X'F1' Onion Service Descriptor Is Invalid
The requested onion service descriptor can't be parsed or
- signature validation failed.
+ signature validation failed. (v3 only)
X'F2' Onion Service Introduction Failed
Client failed to introduce to the service meaning the descriptor
was found but the service is not connected anymore to the
introduction point. The service has likely changed its descriptor
- or is not running.
+ or is not running. (v3 only)
X'F3' Onion Service Rendezvous Failed
Client failed to rendezvous with the service which means that the
- client is unable to finalize the connection.
+ client is unable to finalize the connection. (v3 only)
X'F4' Onion Service Missing Client Authorization
Client was able to download the requested onion service descriptor
but is unable to decrypt its content because it is missing client
- authorization information.
+ authorization information. (v3 only)
X'F5' Onion Service Wrong Client Authorization
Client was able to download the requested onion service descriptor
but is unable to decrypt its content using the client
authorization information it has. This means the client access
- were revoked.
+ were revoked. (v3 only)
+
+ X'F6' Onion Service Invalid Address
+
+ The given .onion address is invalid. In one of these cases this
+ error is returned: address checksum doesn't match, ed25519 public
+ key is invalid or the encoding is invalid. (v3 only)
// Anchor only for formatting, not visible in the man page.
[[SocksPortFlagsMisc]]::
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
@@ -2123,7 +2123,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
escaped(socks->address));
if (addresstype == ONION_V3_HOSTNAME) {
- conn->socks_request->socks_extended_error_code = SOCKS5_HS_IS_INVALID;
+ conn->socks_request->socks_extended_error_code = SOCKS5_HS_BAD_ADDRESS;
}
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1;
diff --git a/src/lib/net/socks5_status.h b/src/lib/net/socks5_status.h
@@ -36,6 +36,7 @@ typedef enum {
SOCKS5_HS_REND_FAILED = 0xF3,
SOCKS5_HS_MISSING_CLIENT_AUTH = 0xF4,
SOCKS5_HS_BAD_CLIENT_AUTH = 0xF5,
+ SOCKS5_HS_BAD_ADDRESS = 0xF6,
} socks5_reply_status_t;
#endif /* !defined(TOR_SOCKS5_STATUS_H) */
