mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
Provide dire warnings to any users who set DirServer; move it out of torrc.sample and into torrc.complete.
svn:r5132
parent
18a0a0e458
commit
ebf6476e8e
5
doc/TODO
@ -163,7 +163,8 @@ N . Routerdesc download changes
|
|||||||
o Reset failure count every 60 minutes
|
o Reset failure count every 60 minutes
|
||||||
o Drop fallback to download-all. Also, always split download.
|
o Drop fallback to download-all. Also, always split download.
|
||||||
- Only use a routerdesc if you recognize its hash.
|
- Only use a routerdesc if you recognize its hash.
|
||||||
- Must defer till dirservers are upgraded to latest.
|
- (Must defer till dirservers are upgraded to latest code, which
|
||||||
|
actually generates these hashes.)
|
||||||
- Of course, authdirservers must not do this.
|
- Of course, authdirservers must not do this.
|
||||||
- Should directory mirrors do something else entirely?
|
- Should directory mirrors do something else entirely?
|
||||||
- Use has_fetched_directory sanely, whatever that means.
|
- Use has_fetched_directory sanely, whatever that means.
|
||||||
@ -177,7 +178,7 @@ N . Routerdesc download changes
|
|||||||
- Call dirport_is_reachable from somewhere else.
|
- Call dirport_is_reachable from somewhere else.
|
||||||
o Networkstatus should list who's an authority.
|
o Networkstatus should list who's an authority.
|
||||||
- Add nickname element to dirserver line. Log this along with IP:Port.
|
- Add nickname element to dirserver line. Log this along with IP:Port.
|
||||||
- Warn when using non-default directory servers.
|
o Warn when using non-default directory servers.
|
||||||
- When giving up on a non-finished dir request, log how many bytes
|
- When giving up on a non-finished dir request, log how many bytes
|
||||||
dropped, to see whether it's worthwhile to use partial info.
|
dropped, to see whether it's worthwhile to use partial info.
|
||||||
- Security
|
- Security
|
||||||
|
11
doc/tor.1.in
@ -83,12 +83,17 @@ their current liveness status. A value of "0 seconds" tells Tor to choose an
|
|||||||
appropriate default. (Default: 1 hour for clients, 20 minutes for servers)
|
appropriate default. (Default: 1 hour for clients, 20 minutes for servers)
|
||||||
.LP
|
.LP
|
||||||
.TP
|
.TP
|
||||||
\fBDirServer \fR\fIaddress:port fingerprint\fP
|
\fBDirServer \fR[v1] \fIaddress:port fingerprint\fP
|
||||||
Use a nonstandard authoritative directory server at the provided
|
Use a nonstandard authoritative directory server at the provided
|
||||||
address and port, with the specified key fingerprint. This option can
|
address and port, with the specified key fingerprint. This option can
|
||||||
be repeated many times, for multiple authoritative directory
|
be repeated many times, for multiple authoritative directory
|
||||||
servers. If no \fBdirserver\fP line is given, Tor will use the default
|
servers. If the "v1" option is provided, Tor will use this server as an
|
||||||
directory servers: moria1, moria2, and tor26.
|
authority for old-style (v1) directories as well. (Only directory mirrors
|
||||||
|
care about this.) If no \fBdirserver\fP line is given, Tor will use the default
|
||||||
|
directory servers: moria1, moria2, and tor26. NOTE: this option is intended
|
||||||
|
for setting up a private Tor network with its own directory authorities. If
|
||||||
|
you use it, you will be distinguishable from other users, because you won't
|
||||||
|
believe the same authorities they do.
|
||||||
.LP
|
.LP
|
||||||
.TP
|
.TP
|
||||||
\fBGroup \fR\fIGID\fP
|
\fBGroup \fR\fIGID\fP
|
||||||
|
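Review bot: The NOTE added to the DirServer entry says less than the other two warnings in this commit. It tells the reader they will be distinguishable, but not that listing the same authorities as the defaults is also a problem once the defaults change, which both the torrc.complete comment and the new log message state. Suggest adding that sentence here so the man page, the sample config and the runtime warning agree. The reflowed paragraph also still spells the option `\fBdirserver\fP` in lowercase under a `\fBDirServer` heading and hard-codes "moria1, moria2, and tor26", a list that goes stale for the same reason.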
@ -66,12 +66,20 @@
|
|||||||
## (Default: 1 hour for clients, 20 minutes for servers)
|
## (Default: 1 hour for clients, 20 minutes for servers)
|
||||||
#DirFetchPeriod N seconds|minutes|hours|days|weeks
|
#DirFetchPeriod N seconds|minutes|hours|days|weeks
|
||||||
|
|
||||||
## Use a nonstandard authoritative directory server at the pro-
|
## Tor only trusts directories signed with one of these keys, and
|
||||||
## vided address and port, with the specified key fingerprint.
|
## uses the given addresses to connect to the trusted directory
|
||||||
## This option can be repeated many times, for multiple authorita-
|
## servers. If no DirServer lines are specified, Tor uses the built-in
|
||||||
## tive directory servers. If no dirserver line is given, Tor will
|
## defaults (moria1, moria2, tor26), so you can leave this alone unless
|
||||||
## use the default directory servers: moria1, moria2, and tor26.
|
## you need to change it.
|
||||||
#DirServer address:port fingerprint
|
##
|
||||||
|
## WARNING! Changing these options will make your Tor behave
|
||||||
|
## differently from everyone else's, and hurt your anonymity. Even
|
||||||
|
## uncommenting these lines is a bad idea. They are the defaults now,
|
||||||
|
## but the defaults may change in the future, leaving you behind.
|
||||||
|
##
|
||||||
|
#DirServer v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
|
||||||
|
#DirServer v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
|
||||||
|
#DirServer v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
|
||||||
|
|
||||||
## On startup, setgid to this user.
|
## On startup, setgid to this user.
|
||||||
#Group GID
|
#Group GID
|
||||||
|
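Review bot: The three added `#DirServer v1 ...` lines place the real default addresses and fingerprints directly under a WARNING that says even uncommenting them is a bad idea, which invites exactly the pinning the warning is about. Suggest keeping the generic form the removed line had (`#DirServer address:port fingerprint`, with the optional `v1`) and leaving the actual values to the built-in list. The comment block also never says what `v1` means, and "Changing these options" reads oddly when DirServer is the only option described.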
@ -54,15 +54,6 @@ AllowUnverifiedNodes middle,rendezvous
|
|||||||
## see the FAQ entry if you want Tor to run as an NT service.
|
## see the FAQ entry if you want Tor to run as an NT service.
|
||||||
#RunAsDaemon 1
|
#RunAsDaemon 1
|
||||||
|
|
||||||
## Tor only trusts directories signed with one of these keys, and
|
|
||||||
## uses the given addresses to connect to the trusted directory
|
|
||||||
## servers. If no DirServer lines are specified, Tor uses the built-in
|
|
||||||
## defaults (moria1, moria2, tor26), so you can leave this alone unless
|
|
||||||
## you need to change it.
|
|
||||||
#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
|
|
||||||
#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
|
|
||||||
#DirServer 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
|
|
||||||
|
|
||||||
## The directory for keeping all the keys/etc. By default, we store
|
## The directory for keeping all the keys/etc. By default, we store
|
||||||
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
|
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
|
||||||
#DataDirectory @LOCALSTATEDIR@/lib/tor
|
#DataDirectory @LOCALSTATEDIR@/lib/tor
|
||||||
|
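Review bot: Configs already derived from the old torrc.sample may have these three `#DirServer` lines uncommented, and the removed comment ("so you can leave this alone unless you need to change it") gave no hint that doing so was harmful. Those users will now see the new warning with no pointer to what changed. Suggest a ChangeLog entry telling them to delete the lines rather than keep them.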
@ -2101,6 +2101,7 @@ options_validate(or_options_t *options)
|
|||||||
if (!options->DirServers) {
|
if (!options->DirServers) {
|
||||||
add_default_trusted_dirservers(options);
|
add_default_trusted_dirservers(options);
|
||||||
} else {
|
} else {
|
||||||
|
log_fn(LOG_WARN, "You have used DirServer to specify directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing.");
|
||||||
for (cl = options->DirServers; cl; cl = cl->next) {
|
for (cl = options->DirServers; cl; cl = cl->next) {
|
||||||
if (parse_dir_server_line(cl->value, 1)<0)
|
if (parse_dir_server_line(cl->value, 1)<0)
|
||||||
result = -1;
|
result = -1;
|
||||||
|
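Review bot: The new `log_fn(LOG_WARN, ...)` is placed in `options_validate()`, in the `else` branch ahead of the `for` loop, so it is emitted on every validation pass where any DirServer line is present and before `parse_dir_server_line()` has reported whether those lines are even valid. Consider moving it after the loop and logging only if no line failed to parse, and guarding it so an operator of a private network who set this deliberately does not get the same paragraph repeatedly. The message is also one very long string literal; splitting it into adjacent literals would keep the line within the width used by the rest of the function.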