summaryrefslogtreecommitdiff
path: root/src/feature
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-09-26 08:36:09 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-26 08:36:09 -0400
commit5e5e019b31296b5a829afc4f7f3766697888b678 (patch)
tree204a6623bafc7f9380c9c2239fc1572f42df0f25 /src/feature
parentc82163dff468443d28b6d0c9b1253f7721eb3fdc (diff)
parent36be6f0d2d9a518ebd1d914e70b07c1967bf235e (diff)
downloadtor-5e5e019b31296b5a829afc4f7f3766697888b678.tar.gz
tor-5e5e019b31296b5a829afc4f7f3766697888b678.zip
Merge remote-tracking branch 'dgoulet/bug27550_035_01'
Diffstat (limited to 'src/feature')
-rw-r--r--src/feature/dirclient/dirclient.c2
-rw-r--r--src/feature/hs/hs_client.c4
-rw-r--r--src/feature/hs/hs_descriptor.c20
3 files changed, 18 insertions, 8 deletions
diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c
index 0f5f870313..6e8836a6dc 100644
--- a/src/feature/dirclient/dirclient.c
+++ b/src/feature/dirclient/dirclient.c
@@ -2720,7 +2720,7 @@ handle_response_fetch_hsdesc_v3(dir_connection_t *conn,
case 200:
/* We got something: Try storing it in the cache. */
if (hs_cache_store_as_client(body, &conn->hs_ident->identity_pk) < 0) {
- log_warn(LD_REND, "Failed to store hidden service descriptor");
+ log_info(LD_REND, "Failed to store hidden service descriptor");
/* Fire control port FAILED event. */
hs_control_desc_event_failed(conn->hs_ident, conn->identity_digest,
"BAD_DESC");
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 0d382f9c85..edfd47c727 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1270,10 +1270,6 @@ hs_client_decode_descriptor(const char *desc_str,
client_auht_sk, desc);
memwipe(subcredential, 0, sizeof(subcredential));
if (ret < 0) {
- log_warn(LD_GENERAL, "Could not parse received descriptor as client.");
- if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE) {
- log_warn(LD_GENERAL, "%s", escaped(desc_str));
- }
goto err;
}
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index d0cdffdf10..b9a0c0ef1f 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -1540,7 +1540,7 @@ decrypt_desc_layer,(const hs_descriptor_t *desc,
* This is a critical check that is making sure the computed MAC matches the
* one in the descriptor. */
if (!tor_memeq(our_mac, desc_mac, sizeof(our_mac))) {
- log_warn(LD_REND, "Encrypted service descriptor MAC check failed");
+ log_info(LD_REND, "Encrypted service descriptor MAC check failed");
goto err;
}
@@ -1662,7 +1662,6 @@ desc_decrypt_encrypted(const hs_descriptor_t *desc,
desc->superencrypted_data.encrypted_blob_size,
descriptor_cookie, 0, &encrypted_plaintext);
if (!encrypted_len) {
- log_warn(LD_REND, "Decrypting encrypted desc failed.");
goto err;
}
tor_assert(encrypted_plaintext);
@@ -2272,7 +2271,22 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
* in the descriptor as a blob of bytes. */
message_len = desc_decrypt_encrypted(desc, client_auth_sk, &message);
if (!message_len) {
- log_warn(LD_REND, "Service descriptor decryption failed.");
+ /* Two possible situation here. Either we have a client authorization
+ * configured that didn't work or we do not have any configured for this
+ * onion address so likely the descriptor is for authorized client only,
+ * we are not. */
+ if (client_auth_sk) {
+ /* At warning level so the client can notice that its client
+ * authorization is failing. */
+ log_warn(LD_REND, "Client authorization for requested onion address "
+ "is invalid. Can't decrypt the descriptor.");
+ } else {
+ /* Inform at notice level that the onion address requested can't be
+ * reached without client authorization most likely. */
+ log_notice(LD_REND, "Fail to decrypt descriptor for requested onion "
+ "address. It is likely requiring client "
+ "authorization.");
+ }
goto err;
}
tor_assert(message);