diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-08-03 12:08:57 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-08-03 12:08:57 -0400 |
| commit | 66e610da7239e8921c0063043c07c7f2c3fd48d9 (patch) | |
| tree | 6b0b2c5ac09ee4353b2834f9d7ca2da3d8610185 /src/or/config.c | |
| parent | e6220ccbf8004090b9bcc7228b33d85d2cf9c067 (diff) | |
| download | tor-66e610da7239e8921c0063043c07c7f2c3fd48d9.tar.gz tor-66e610da7239e8921c0063043c07c7f2c3fd48d9.zip | |
Mark a big pile of options as deprecated.
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c index 2f5ba6c6f7..cf1365a7ed 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -588,6 +588,44 @@ static const config_var_t testing_tor_network_defaults[] = { #undef V #undef OBSOLETE +static const config_deprecation_t option_deprecation_notes_[] = { + { "AllowDotExit", "Unrestricted use of the .exit notation can be used for " + "a wide variety of application-level attacks." }, + { "AllowInvalidNodes", "There is no reason to enable this option; at best " + "it will make you easier to track." }, + { "AllowSingleHopCircuits", "Almost no relays actually allow single-hop " + "exits, making this option pointless." }, + { "AllowSingleHopExits", "Turning this on will make your relay easier " + "to abuse." }, + { "ClientDNSRejectInternalAddresses", "Turning this on makes your client " + "easier to fingerprint, and may open you to esoteric attacks." }, + { "ExcludeSingleHopRelays", "Turning it on makes your client easier to " + "fingerprint." }, + { "FastFirstHopPK", "Changing this option does not make your client more " + "secure, but does make it easier to fingerprint." }, + { "CloseHSClientCircutisImmediatelyOnTimeout", "This option makes your " + "client easier to fingerprint." }, + { "CloseHSServiceRendircutisImmediatelyOnTimeout", "This option makes " + "your hidden services easier to fingerprint." }, + { "WarnUnsafeSocks", "Changing this option makes it easier for you " + "to accidentally lose your anonymity by leaking DNS information" }, + { "TLSECGroup", "The default is a nice secure choice; the other option " + "is less secure." }, + { "UseNTorHandshake", "The ntor handshake should always be used." }, + + { "ControlListenAddress", "Use ControlPort instead." }, + { "DirListenAddress", "Use DirPort instead, possibly with the " + "NoAdvertise sub-option" }, + { "DNSListenAddress", "Use DNSPort instead." }, + { "SocksListenAddress", "Use SocksPort instead." }, + { "TransListenAddress", "Use TransPort instead." }, + { "NATDListenAddress", "Use NATDPort instead." }, + { "ORListenAddress", "Use ORPort instead, possibly with the " + "NoAdvertise sub-option" }, + + { NULL, NULL } +}; + #ifdef _WIN32 static char *get_windows_conf_root(void); #endif @@ -636,7 +674,7 @@ STATIC config_format_t options_format = { OR_OPTIONS_MAGIC, STRUCT_OFFSET(or_options_t, magic_), option_abbrevs_, - NULL, + option_deprecation_notes_, option_vars_, options_validate_cb, NULL |