From 6443812e343635d0db6ea1aac58b817732b7f29a Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Jul 2018 14:28:06 +1000 Subject: [PATCH 1/2] Stop logging link auth warnings on Single Onion Services and Tor2web Instead, log a protocol warning when single onion services or Tor2web clients fail to authenticate direct connections to relays. Fixes bug 26924; bugfix on 0.2.9.1-alpha. --- changes/bug26924 | 4 ++++ src/or/connection_or.c | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 changes/bug26924 diff --git a/changes/bug26924 b/changes/bug26924 new file mode 100644 index 0000000000..882db56b40 --- /dev/null +++ b/changes/bug26924 @@ -0,0 +1,4 @@ + o Minor bugfixes (single onion services, Tor2web): + - Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 8beedcae72..a01d086279 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -47,6 +47,7 @@ #include "nodelist.h" #include "reasons.h" #include "relay.h" +#include "rendcommon.h" #include "rephist.h" #include "router.h" #include "routerlist.h" @@ -1628,10 +1629,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->identity_digest); const int is_authority_fingerprint = router_digest_is_trusted_dir( conn->identity_digest); + const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options); int severity; const char *extra_log = ""; - if (server_mode(options)) { + /* Relays, Single Onion Services, and Tor2web make direct connections using + * untrusted authentication keys. */ + if (server_mode(options) || non_anonymous_mode) { severity = LOG_PROTOCOL_WARN; } else { if (using_hardcoded_fingerprints) { From 859d5a737502258641703cb52598b64bd08ce870 Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Jul 2018 14:39:31 +1000 Subject: [PATCH 2/2] Improve connection auth logging Improve the log message when connection initiators fail to authenticate direct connections to relays. Fixes bug 26927; bugfix on 0.3.0.1-alpha. --- changes/bug26927 | 4 ++++ src/or/connection_or.c | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 changes/bug26927 diff --git a/changes/bug26927 b/changes/bug26927 new file mode 100644 index 0000000000..cd035bba8e --- /dev/null +++ b/changes/bug26927 @@ -0,0 +1,4 @@ + o Minor bugfixes (logging): + - Improve the log message when connection initiators fail to authenticate + direct connections to relays. + Fixes bug 26927; bugfix on 0.3.0.1-alpha. diff --git a/src/or/connection_or.c b/src/or/connection_or.c index add0493d23..fe2cea4f46 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1708,8 +1708,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } log_fn(severity, LD_HANDSHAKE, - "Tried connecting to router at %s:%d, but RSA identity key was not " - "as expected: wanted %s + %s but got %s + %s.%s", + "Tried connecting to router at %s:%d, but RSA + ed25519 identity " + "keys were not as expected: wanted %s + %s but got %s + %s.%s", conn->base_.address, conn->base_.port, expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log); @@ -1726,8 +1726,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, } if (!expected_ed_key && ed_peer_id) { - log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this " - "connection."); + log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this " + "connection.)"); connection_or_set_identity_digest(conn, (const char*)rsa_peer_id, ed_peer_id); changed_identity = 1;