mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-13 22:53:44 +01:00
man: Document HSv3 client authorization revocation
Removing a ".auth" file revokes a client access to the service but the rendezvous circuit is not closed service side because the service simply doesn't know which circuit is for which client. This commit notes in the man page that to fully revoke a client access to the service, the tor process should be restarted. Closes #28275 Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
1a97379e5e
commit
0906dde9d5
4
changes/ticket28275
Normal file
4
changes/ticket28275
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
o Documentation (hidden service v3, man page):
|
||||||
|
- Note in the man page that the only real way to fully revoke an onion
|
||||||
|
service v3 client authorization is by restarting the tor process. Closes
|
||||||
|
ticket 28275.
|
@ -2961,6 +2961,10 @@ Note that once you've configured client authorization, anyone else with the
|
|||||||
address won't be able to access it from this point on. If no authorization is
|
address won't be able to access it from this point on. If no authorization is
|
||||||
configured, the service will be accessible to anyone with the onion address.
|
configured, the service will be accessible to anyone with the onion address.
|
||||||
|
|
||||||
|
Revoking a client can be done by removing their ".auth" file, however the
|
||||||
|
revocation will be in effect only after the tor process gets restarted even if
|
||||||
|
a SIGHUP takes place.
|
||||||
|
|
||||||
See the Appendix G in the rend-spec-v3.txt file of
|
See the Appendix G in the rend-spec-v3.txt file of
|
||||||
https://spec.torproject.org/[torspec] for more information.
|
https://spec.torproject.org/[torspec] for more information.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user