Commit Graph

608 Commits

Author SHA1 Message Date
Nick Mathewson
e3592cd8b5 html error in doxygen comment in rendservice.c 2016-10-24 10:31:16 -04:00
Nick Mathewson
55c468c521 Whitespace cleaning 2016-10-14 10:40:31 -04:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Nick Mathewson
425f5e6d40 Fix a bogus memwipe length in rend_service_load_auth_keys().
Bugfix on a4f46ff8ba. Found by Coverity.
2016-09-14 10:58:53 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
365ca3ca0f Refactor Single Onion code to improve consistency
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
2016-09-13 10:13:57 -04:00
teor
a4f46ff8ba Refactor the hidden service code to use rend_service_path
And make consequential changes to make it less error-prone.

No behaviour change.
2016-09-13 10:13:57 -04:00
teor
65b2d34c9c Allow the unit tests to pass a service list to rend_service_load_all_keys 2016-09-13 10:13:56 -04:00
teor
3e4a401ead Fix a typo in a comment in rend_consider_services_intro_points 2016-09-13 10:13:56 -04:00
teor
75ebbed557 Make Single Onion Service intro points respect ReachableAddresses 2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
teor (Tim Wilson-Brown)
b494ccc3c9 Make rend_service_free available to the unit tests
Also check that the port list exists before freeing it.

Patch by asn.
2016-09-13 10:08:06 -04:00
teor
55a2bfb056
Fix an indentation issue in rend_config_services 2016-09-06 17:49:52 +10:00
Andrea Shepard
341a159ab4 Appease make check-spaces 2016-09-05 17:47:39 +00:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
teor
19816f2f78
Add a stub for rend_service_allow_direct_connection
It always returns 0. It should be replaced with the Single
Onion version from #17178 when both are merged.
2016-08-24 11:02:19 +10:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
cb8557f7c9 Merge branch 'maint-0.2.8' 2016-06-21 09:00:40 -04:00
Ivan Markin
b432efb838 Remove useless message about nonexistent onion services after uploading a descriptor 2016-06-21 09:00:22 -04:00
David Goulet
ab35f9de46 Correctly close intro circuit when deleting ephemeral HS
When deleting an ephemeral HS, we were only iterating on circuit with an
OPEN state. However, it could be possible that an intro point circuit didn't
reached the open state yet.

This commit makes it that we close the circuit regardless of its state
except if it was already marked for close.

Fixes #18604

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-16 13:09:24 -04:00
Nick Mathewson
71267bef4c Merge branch 'maint-0.2.8' 2016-05-11 12:36:55 -04:00
Nick Mathewson
b59d79134e Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
Closes ticket 18761.

Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
33d3572a1d Merge branch 'feature15588_squashed' 2016-05-09 14:41:36 -04:00
John Brooks
162aa14eef Move rend client name checks to one function 2016-05-09 14:30:34 -04:00
John Brooks
d15354c73b Add client auth to rend_service_add_ephemeral 2016-05-09 14:28:08 -04:00
John Brooks
d5a23ce115 Move rend auth cookie en-/decoding to a function
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.

The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
John Brooks
e7ff23beea Make rend_authorized_client_free public
This is needed by control.c.

Also, check whether client_name is set before doing memwipe.
2016-05-09 13:53:24 -04:00
John Brooks
896271d525 Use uint8_t for rend descriptor_cookie fields 2016-05-09 13:53:09 -04:00
John Brooks
2c057c2833 Scrub service name in introduction circuit warning
Fixes bug 18600.
2016-03-21 19:23:28 +07:00
Nick Mathewson
fe0d346a6d Merge remote-tracking branch 'teor/bug8976_01_028' 2016-03-11 11:11:38 -05:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
teor (Tim Wilson-Brown)
fb939ed82e Replace Alice/Bob with client/service in hidden service comments 2016-01-26 13:48:31 +11:00
David Goulet
4a7964b3bc Don't allow a rendezvous point to have a private address
When an HS process an INTRODUCE2 cell, we didn't validate if the IP address
of the rendezvous point was a local address. If it's the case, we end up
wasting resources by trying to extend to a local address which fails since
we do not allow that in circuit_extend().

This commit now rejects a rendezvous point that has a local address once
seen at the hidden service side unless ExtendAllowPrivateAddresses is set.

Fixes #8976

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-08 15:57:12 -05:00
Nick Mathewson
be30c61ac1 Merge branch 'maint-0.2.7' 2015-11-25 08:53:46 -05:00
David Goulet
273b267fa2 Fix: use the right list in find_expiring_intro_point()
The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-11-23 09:02:54 -05:00
Nick Mathewson
0b3190d4b7 Merge remote-tracking branch 'donncha/feature14846_4' 2015-10-02 13:40:26 +02:00
Nick Mathewson
db5a9302c1 correct the doc for find_rp_for_intro.
Thanks to Roger for spotting this!
2015-09-02 08:51:24 -04:00
Nick Mathewson
a55f257d6a Simplify API for find_rp_for_intro()
The function now unconditionally allocates a new extend_info_t.
This should convince coverity that we're not leaking memory.
(CID 1311875)
2015-09-01 09:30:48 -04:00
Donncha O'Cearbhaill
1d205163e8 Generate service descriptors when PublishHidServDescriptors = 0
Removes a check to PublishHidServDescriptors in
rend_consider_services_upload(). This allows descriptors to be
generated and stored in the local cache when PublishHidServDescriptor = 0.

Keep the PublishHidServDescriptors option check in
rend_consider_descriptor_republication(). We will never need to republish
a descriptor if we are not publishing descriptors to the HSDirs.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
e0b82e5968 Store service descriptors in the service descriptor cache
Service descriptors are now generated regardless of the the
PublishHidServDescriptors option. The generated descriptors are stored
in the service descriptor cache.

The PublishHidServDescriptors = 1 option now prevents descriptor
publication to the HSDirs rather than descriptor generation.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
968cb95602 Preparatory indentation changes
Deindent a block of code inside the PublishHidServDescriptors option
check in upload_service_descriptor(). Stylistic commit to make the
subsequent reworking of this code cleaner.
2015-08-25 17:30:11 +02:00
Nick Mathewson
edaf681735 Break some wide lines 2015-07-16 11:11:21 -04:00
John Brooks
e03eaa3c4a Remove empty rend_service_validate_intro_early function 2015-07-14 02:30:04 -04:00
John Brooks
cdc5debfde Rename ambiguous introduction point functions
Task #15824
2015-07-14 02:29:17 -04:00
David Goulet
5fa280f7ad Fix comments in rendservice.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
7657194d77 Count intro circuit and not only established ones
When cleaning up extra circuits that we've opened for performance reason, we
need to count all the introduction circuit and not only the established ones
else we can end up with too many introduction points.

This also adds the check for expiring nodes when serving an INTRODUCE cell
since it's possible old clients are still using them before we have time to
close them.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
d67bf8b2f2 Upload descriptor when all intro points are ready
To upload a HS descriptor, this commits makes it that we wait for all
introduction point to be fully established.

Else, the HS ends up uploading a descriptor that may contain intro points
that are not yet "valid" meaning not yet established or proven to work. It
could also trigger three uploads for the *same* descriptor if every intro
points takes more than 30 seconds to establish because of desc_is_dirty
being set at each intro established.

To achieve that, n_intro_points_established varialbe is added to the
rend_service_t object that is incremented when we established introduction
point and decremented when we remove a valid intro point from our list.

The condition to upload a descriptor also changes to test if all intro
points are ready by making sure we have equal or more wanted intro points
that are ready.

The desc_id_dirty flag is kept to be able to still use the
RendInitialPostPeriod option.

This partially fixes #13483.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
1125a4876b Reuse intro points that failed but are still valid
There is a case where if the introduction circuit fails but the node is
still in the consensus, we clean up the intro point and choose an other one.
This commit fixes that by trying to reuse the existing intro point with a
maximum value of retry.

A retry_nodes list is added to rend_services_introduce() and when we remove
an invalid intro points that fits the use case mentionned before, we add the
node to the retry list instead of removing it. Then, we retry on them before
creating new ones.

This means that the requirement to remove an intro point changes from "if no
intro circuit" to "if no intro circuit then if no node OR we've reached our
maximum circuit creation count".

For now, the maximum retries is set to 3 which it completely arbitrary. It
should also at some point be tied to the work done on detecting if our
network is down or not.

Fixes #8239

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
7c7bb8b97e Refactor rend_services_introduce()
The reasoning for refactoring this function is that removing the
introduction point adaptative algorithm (#4862) ended up changing quite a
bit rend_services_introduce(). Also, to fix some open issues (#8239, #8864
and #13483), this work had to be done.

First, this removes time_expiring variable in an intro point object and
INTRO_POINT_EXPIRATION_GRACE_PERIOD trickery and use an expiring_nodes list
where intro nodes that should expire are moved to that list and cleaned up
only once the new descriptor is successfully uploaded. The previous scheme
was adding complexity and arbitrary timing to when we expire an intro point.
We keep the intro points until we are sure that the new descriptor is
uploaded and thus ready to be used by clients. For this,
rend_service_desc_has_uploaded() is added to notify the HS subsystem that
the descriptor has been successfully uploaded. The purpose of this function
is to cleanup the expiring nodes and circuits if any.

Secondly, this adds the remove_invalid_intro_points() function in order to
split up rend_services_introduce() a bit with an extra modification to it
that fixes #8864. We do NOT close the circuit nor delete the intro point if
the circuit is still alive but the node was removed from the consensus. Due
to possible information leak, we let the circuit and intro point object
expire instead.

Finally, the whole code flow is simplified and large amount of documentation
has been added to mostly explain the why of things in there.

Fixes #8864

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
David Goulet
8dcbdf58a7 Remove intro points adaptative algorithm
Partially fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
David Goulet
a5b5d4bd2e Extend intro point to a 4th hop on cannibalization
Fixes #16260

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-17 09:32:26 -04:00
Andrea Shepard
0e0b65db4f Appease make check-spaces 2015-06-01 12:59:14 +00:00
Nick Mathewson
5dce1829bf Avoid double-free on rend_add_service() failure
Rend_add_service() frees its argument on failure; no need to free again.

Fixes bug 16228, bugfix on 0.2.7.1-alpha

Found by coverity; this is CID 1301387.
2015-05-28 13:23:09 -04:00
Yawning Angel
712bf06978 Add support for 'HiddenServiceMaxStream' to 'ADD_ONION'.
Done as a separate commit to ease backporting the tunables to 0.2.6.x.
2015-05-20 17:41:27 +00:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
John Brooks
6f9e90101e Fix crash on HUP with mixed ephemeral services
Ephemeral services will be listed in rend_services_list at the end of
rend_config_services, so it must check whether directory is non-NULL
before comparing.

This crash happens when reloading config on a tor with mixed configured
and ephemeral services.

Fixes bug #16060. Bugfix on 0.2.7.1-alpha.
2015-05-16 20:01:38 -06:00
David Goulet
6346d73b8e Fix rend_config_services() indentation
Not sure what happened but whitespace gone wild! :)

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:27:04 -04:00
David Goulet
b6e7b57d9a Use safe_str_client() for service ID in log
Scrub the service ID in a warning log.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:26:57 -04:00
Nick Mathewson
b0ea36d779 Merge remote-tracking branch 'public/bug15821_025' 2015-05-05 15:06:57 -04:00
John Brooks
2b27ce52d2 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
Donncha O'Cearbhaill
841c4aa715 Add "+HSPOST" and related "HS_DESC" event flags to the controller.
"+HSPOST" and the related event changes allow the uploading of HS
descriptors via the control port, and more comprehensive event
monitoring of HS descriptor upload status.
2015-05-04 11:41:28 -04:00
David Goulet
9a364026d3 Use rend_data_client/service_create() in code
Every callsite that use to allocate a rend_data_t object now use the
rend_data_client/service_create() function.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Nick Mathewson
647b7d37c2 Merge remote-tracking branch 'public/bug15745_027_03' 2015-04-23 09:10:35 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
David Goulet
3f41318472 Add crypto_rand_int_range() and use it
Incidently, this fixes a bug where the maximum value was never used when
only using crypto_rand_int(). For instance this example below in
rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS.

  int intro_point_lifetime_seconds =
    INTRO_POINT_LIFETIME_MIN_SECONDS +
    crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
                    INTRO_POINT_LIFETIME_MIN_SECONDS);

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 11:06:12 -04:00
David Goulet
6f6881c432 Use a random count of INTRODUCE2 for IP rotation
An introduction point is currently rotated when the amount of INTRODUCE2
cells reached a fixed value of 16384. This makes it pretty easy for an
attacker to inflate that number and observe when the IP rotates which leaks
the popularity of the HS (amount of client that passed through the IP).

This commit makes it a random count between the current value of 16384 and
two times that.

Fixes #15745

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-20 17:38:31 -04:00
Nick Mathewson
a201a5396e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-06 09:26:28 -04:00
Nick Mathewson
0475552140 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-06 09:26:16 -04:00
Nick Mathewson
fe69a7e1d7 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-06 09:25:37 -04:00
Yawning Angel
49ddd92c11 Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
Nick Mathewson
24352d0d70 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-03 09:47:57 -04:00
George Kadianakis
929a8f199b Decrease the amount of rend circ relaunches for hidden services. 2015-04-03 09:47:40 -04:00
Nick Mathewson
3a68f2f54e const-ify the new failure vars, and one old one 2015-03-13 09:41:49 -04:00
Sebastian Hahn
badc81de5b Don't init hs intro key as side effect of an assert 2015-03-12 18:59:46 +01:00
Yawning Angel
cbd26157c5 Remove tor_strclear(), and replace previous calls with memwipe(). 2015-02-17 18:53:33 +00:00
Sebastian Hahn
37d16c3cc7 Reserve enough space for rend_service_port_config_t
In #14803, Damian noticed that his Tor sometimes segfaults. Roger noted
that his valgrind gave an invalid write of size one here. Whenever we
use FLEXIBLE_ARRAY_MEMBER, we have to make sure to actually malloc a
thing that's large enough.

Fixes bug #14803, not in any released version of Tor.
2015-02-09 04:48:16 +01:00
Nick Mathewson
097286e476 Fix some unused-argument warnings 2015-01-30 14:47:56 -05:00
Nick Mathewson
bc9ade055e Fix an uninitialized-variable warning. 2015-01-30 14:46:18 -05:00
David Goulet
44e9dafb67 Fix: test -ENOENT after config_parse_unix_port()
Check for -ENOENT instead of ENOENT after the HS port is parsed.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 14:13:27 -05:00
David Goulet
ebc59092bc Make hidden service use the config unix prefix
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 18:01:53 -05:00
Nick Mathewson
a3de2dfde6 Merge branch 'bug11485_026_v2_squashed' 2015-01-28 14:32:19 -05:00
David Goulet
fb523b543a fixup! Refactor the use of ifdef HAVE_SYS_UN_H
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 14:30:23 -05:00
Andrea Shepard
bce824a9ad Actually make connections to HSes on AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
6564291601 Handle config options for AF_UNIX hidden services rendservice.c 2015-01-28 14:30:23 -05:00
Nick Mathewson
20d0b1a04e Bump a client authorization message from debug to info.
A user wants this for 14015, and it seems fairly reasonable.
2015-01-28 09:42:28 -05:00
Andrea Shepard
03d6a31716 Groundwork for AF_UNIX hidden services in rendservice.c 2015-01-27 06:22:37 +00:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
teor
ac2f90ed00 Speed up hidden service bootstrap by reducing the initial post delay
Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
but keep the default at 30 seconds.

Reduces the hidden service bootstrap to 25 seconds from around 45 seconds.
Change the default src/test/test-network.sh delay to 25 seconds.

Closes ticket 13401.
2015-01-10 22:34:29 +11:00
Nick Mathewson
276700131a Tolerate starting up with missing hidden service directory
Fixes bug 14106; bugfix on 0.2.6.2-alpha

Found by stem tests.
2015-01-05 11:39:38 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
ac632a784c Coalesce v0 and v1 fields of rend_intro_cell_t
This saves a tiny bit of code, and makes a longstanding coverity
false positive go away.
2014-12-30 12:07:39 -05:00
Nick Mathewson
f7e8bc2b4b fix a long line 2014-12-12 08:54:07 -05:00
Nick Mathewson
915c9a517e Merge remote-tracking branch 'meejah/ticket-13941-b' 2014-12-12 08:53:14 -05:00
Nick Mathewson
7c5d888977 Tweak 13942 fix 2014-12-12 08:49:52 -05:00
meejah
85bfad1875 Pre-check hidden-service-dir permissions/ownership
See ticket #13942 where Tor dies if you feed it a hidden service
directory with the wrong owner via SETCONF.
2014-12-11 18:46:56 -07:00
meejah
76753efd7b Fix 13941: make calling log_new_relay_greeting() optional.
Specifically, only if we're creating secret_id_key do we log the
greeting (and then only if the key is actually created).
2014-12-11 18:43:51 -07:00