authorDavid Goulet <dgoulet@torproject.org>2017-04-25 13:58:35 -0400
committerNick Mathewson <nickm@torproject.org>2017-05-09 10:30:52 -0400
commitbc34654ba2df0e4f4834095ab404f5429c518be9 (patch)
treec80ca69fa87825c8bd2ac16740134a00e3750fef
parent09bc858dd54101e645b31bf32fe463b73c38add2 (diff)
downloadtor-bc34654ba2df0e4f4834095ab404f5429c518be9.tar.gz
tor-bc34654ba2df0e4f4834095ab404f5429c518be9.zip
config: Remove FastFirstHopPK option
Deprecated in 0.2.9.2-alpha, this commit changes it to OBSOLETE() and cleans up the code associated with it. Partially fixes #22060 Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--changes/bug220602
-rw-r--r--doc/tor.1.txt12
-rw-r--r--src/or/circuitbuild.c7
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/or.h2
5 files changed, 4 insertions, 23 deletions
diff --git a/changes/bug22060 b/changes/bug22060
index e112b8970c..7447b6f805 100644
--- a/changes/bug22060
+++ b/changes/bug22060
@@ -7,3 +7,5 @@
rendered obsolete. Code has been removed and feature no longer exists.
- ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been
rendered obsolete. Code has been removed and feature no longer exists.
+ - FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been rendered
+ obsolete. Code has been removed and feature no longer exists.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 54d0614d60..a9a2d4a943 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1326,18 +1326,6 @@ The following options are useful only for clients (that is, if
the node "foo". Disabled by default since attacking websites and exit
relays can use it to manipulate your path selection. (Default: 0)
-[[FastFirstHopPK]] **FastFirstHopPK** **0**|**1**|**auto**::
- When this option is disabled, Tor uses the public key step for the first
- hop of creating circuits. Skipping it is generally safe since we have
- already used TLS to authenticate the relay and to establish forward-secure
- keys. Turning this option off makes circuit building a little
- slower. Setting this option to "auto" takes advice from the authorities
- in the latest consensus about whether to use this feature. +
- +
- Note that Tor will always use the public key step for the first hop if it's
- operating as a relay, and it will never use the public key step if it
- doesn't yet know the onion key of the first hop. (Default: auto)
-
[[TransPort]] **TransPort** \['address':]__port__|**auto** [_isolation flags_]::
Open this port to listen for transparent proxy connections. Set this to
0 if you don't want to allow transparent proxy connections. Set the port
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 012229bf86..0af962e645 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -816,12 +816,7 @@ should_use_create_fast_for_circuit(origin_circuit_t *circ)
* creating on behalf of others. */
return 0;
}
- if (options->FastFirstHopPK == -1) {
- /* option is "auto", so look at the consensus. */
- return networkstatus_get_param(NULL, "usecreatefast", 0, 0, 1);
- }
-
- return options->FastFirstHopPK;
+ return networkstatus_get_param(NULL, "usecreatefast", 0, 0, 1);
}
/** Return true if <b>circ</b> is the type of circuit we want to count
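Review bot: The remaining `return networkstatus_get_param(NULL, "usecreatefast", 0, 0, 1);` at the end of should_use_create_fast_for_circuit() lost its explanatory comment together with the option branch, so nothing at the call site says that the consensus alone now decides whether CREATE_FAST is used. I would put a comment above it such as `/* No local override any more: follow the consensus "usecreatefast" parameter; the default of 0 means we do the public-key handshake when the parameter is absent. */` (assuming the third argument is the default value, as the 0, 0, 1 triple suggests). A client whose torrc carried `FastFirstHopPK 0` to force the public-key step will now follow the consensus value instead; that looks intended given the removed deprecation note about fingerprinting, but it belongs in the function's doc comment. The start of the function, including that doc comment, is outside this hunk.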
diff --git a/src/or/config.c b/src/or/config.c
index a922433906..bf658ce5ca 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -323,7 +323,7 @@ static config_var_t option_vars_[] = {
OBSOLETE("FallbackNetworkstatusFile"),
V(FascistFirewall, BOOL, "0"),
V(FirewallPorts, CSV, ""),
- V(FastFirstHopPK, AUTOBOOL, "auto"),
+ OBSOLETE("FastFirstHopPK"),
V(FetchDirInfoEarly, BOOL, "0"),
V(FetchDirInfoExtraEarly, BOOL, "0"),
V(FetchServerDescriptors, BOOL, "1"),
@@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
"a wide variety of application-level attacks." },
{ "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
"easier to fingerprint, and may open you to esoteric attacks." },
- { "FastFirstHopPK", "Changing this option does not make your client more "
- "secure, but does make it easier to fingerprint." },
{ "CloseHSClientCircuitsImmediatelyOnTimeout", "This option makes your "
"client easier to fingerprint." },
{ "CloseHSServiceRendCircuitsImmediatelyOnTimeout", "This option makes "
diff --git a/src/or/or.h b/src/or/or.h
index e221959d6e..e30d3da1a2 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4057,8 +4057,6 @@ typedef struct {
int NumDirectoryGuards; /**< How many dir guards do we try to establish?
* If 0, use value from NumEntryGuards. */
int RephistTrackTime; /**< How many seconds do we keep rephist info? */
- int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third
- * of our PK time by sending CREATE_FAST cells? */
/** Should we always fetch our dir info on the mirror schedule (which
* means directly from the authorities) no matter our other config? */
int FetchDirInfoEarly;