diff options
| author | David Goulet <dgoulet@torproject.org> | 2018-12-03 11:22:14 -0500 |
|---|---|---|
| committer | George Kadianakis <desnacked@riseup.net> | 2018-12-04 18:49:19 +0200 |
| commit | 0906dde9d5ac409caf9f70ea7ec00efc42ec27ca (patch) | |
| tree | 0e24a0bfff5d23e92f2551734f80f31f3455d3b5 /doc | |
| parent | 1a97379e5e5d349b4debd5ac61bedcca623dd386 (diff) | |
| download | tor-0906dde9d5ac409caf9f70ea7ec00efc42ec27ca.tar.gz tor-0906dde9d5ac409caf9f70ea7ec00efc42ec27ca.zip | |
man: Document HSv3 client authorization revocation
Removing a ".auth" file revokes a client access to the service but the
rendezvous circuit is not closed service side because the service simply
doesn't know which circuit is for which client.
This commit notes in the man page that to fully revoke a client access to the
service, the tor process should be restarted.
Closes #28275
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 097db065bb..581783dd65 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2961,6 +2961,10 @@ Note that once you've configured client authorization, anyone else with the address won't be able to access it from this point on. If no authorization is configured, the service will be accessible to anyone with the onion address. +Revoking a client can be done by removing their ".auth" file, however the +revocation will be in effect only after the tor process gets restarted even if +a SIGHUP takes place. + See the Appendix G in the rend-spec-v3.txt file of https://spec.torproject.org/[torspec] for more information. |