authorNick Mathewson <nickm@torproject.org>2018-07-30 08:45:01 -0400
committerNick Mathewson <nickm@torproject.org>2018-07-30 08:45:01 -0400
commit1a57de97aecd3e6a8fdbf1d2b10d7423ea38d9ce (patch)
tree988a3c7c125d727ac8be3047995a72f688f09fa2
parent33d80123ce644cfedcd283ab7f764a84e9f8d930 (diff)
parent7d66ec0feba7aa7cfbaeb8c3af2df35cdcd536f1 (diff)
Merge branch 'maint-0.3.4' into release-0.3.4
-rw-r--r--changes/bug269244
-rw-r--r--changes/bug269274
-rw-r--r--src/or/connection_or.c14
3 files changed, 17 insertions, 5 deletions
diff --git a/changes/bug26924 b/changes/bug26924
new file mode 100644
index 0000000000..882db56b40
--- /dev/null
+++ b/changes/bug26924
@@ -0,0 +1,4 @@
+ o Minor bugfixes (single onion services, Tor2web):
+ - Log a protocol warning when single onion services or Tor2web clients
+ fail to authenticate direct connections to relays.
+ Fixes bug 26924; bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug26927 b/changes/bug26927
new file mode 100644
index 0000000000..cd035bba8e
--- /dev/null
+++ b/changes/bug26927
@@ -0,0 +1,4 @@
+ o Minor bugfixes (logging):
+ - Improve the log message when connection initiators fail to authenticate
+ direct connections to relays.
+ Fixes bug 26927; bugfix on 0.3.0.1-alpha.
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 7898fbd42e..bd5f06bc6a 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -52,6 +52,7 @@
#include "proto_cell.h"
#include "reasons.h"
#include "relay.h"
+#include "rendcommon.h"
#include "rephist.h"
#include "router.h"
#include "routerkeys.h"
@@ -1917,10 +1918,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn->identity_digest);
const int is_authority_fingerprint = router_digest_is_trusted_dir(
conn->identity_digest);
+ const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options);
int severity;
const char *extra_log = "";
- if (server_mode(options)) {
+ /* Relays, Single Onion Services, and Tor2web make direct connections using
+ * untrusted authentication keys. */
+ if (server_mode(options) || non_anonymous_mode) {
severity = LOG_PROTOCOL_WARN;
} else {
if (using_hardcoded_fingerprints) {
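Review bot: With `non_anonymous_mode` added to the first branch, a single onion service or Tor2web client never reaches the `using_hardcoded_fingerprints` test in the else branch, so a mismatch against a hard-coded fingerprint is reported only at LOG_PROTOCOL_WARN, as it already is for relays. The same may apply to authority fingerprints (`is_authority_fingerprint` is computed just above), but the else branch continues outside the hunk, so how it uses that flag is not visible here. If the downgrade is intended for these cases too, the new comment should state the reason rather than only the fact, for example `/* ... using untrusted authentication keys, so a mismatch can be triggered remotely and is only a protocol warning. */`. That reason is inferred from the comment's wording and the changes file, not stated in the hunk.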
@@ -1944,8 +1948,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
}
log_fn(severity, LD_HANDSHAKE,
- "Tried connecting to router at %s:%d, but RSA identity key was not "
- "as expected: wanted %s + %s but got %s + %s.%s",
+ "Tried connecting to router at %s:%d, but RSA + ed25519 identity "
+ "keys were not as expected: wanted %s + %s but got %s + %s.%s",
conn->base_.address, conn->base_.port,
expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log);
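Review bot: The new message spells the key type `ed25519`, while the info message later in this function and the rest of the log text use `Ed25519`; pick one spelling so a log search for the key type matches both, e.g. `"Tried connecting to router at %s:%d, but RSA + Ed25519 identity "`. The text now says both keys were not as expected, but whether this path can be reached when only one of the two differs is not visible in the hunk. If it can, "RSA and/or Ed25519" would describe the condition more accurately, and the wanted/got pairs remain the part an operator should read.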
@@ -1962,8 +1966,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
}
if (!expected_ed_key && ed_peer_id) {
- log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this "
- "connection.");
+ log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this "
+ "connection.)");
connection_or_set_identity_digest(conn,
(const char*)rsa_peer_id, ed_peer_id);
changed_identity = 1;