diff options
| -rw-r--r-- | doc/tor.1.txt | 7 | ||||
| -rw-r--r-- | src/or/config.c | 1 | ||||
| -rw-r--r-- | src/or/dirserv.c | 7 | ||||
| -rw-r--r-- | src/or/or.h | 5 |
4 files changed, 18 insertions, 2 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 1071168441..9f6f95830a 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2270,6 +2270,13 @@ on the public Tor network. (default), the flag "shared-rand-participate" is added to the authority vote indicating participation in the protocol. (Default: 1) +[[AuthDirTestEd25519LinkKeys]] **AuthDirTestEd25519LinkKeys** **0**|**1**:: + Authoritative directories only. If this option is set to 0, then we treat + relays as "Running" if their RSA key is correct when we probe them, + regardless of their Ed25519 key. We should only ever set this option to 0 + if there is some major bug in Ed25519 link authentication that causes us + to label all the relays as not Running. (Default: 1) + [[BridgePassword]] **BridgePassword** __Password__:: If set, contains an HTTP authenticator that tells a bridge authority to serve all requested bridge information. Used by the (only partially diff --git a/src/or/config.c b/src/or/config.c index 51c62908e3..d100af812c 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -498,6 +498,7 @@ static config_var_t option_vars_[] = { V(User, STRING, NULL), OBSOLETE("UserspaceIOCPBuffers"), V(AuthDirSharedRandomness, BOOL, "1"), + V(AuthDirTestEd25519LinkKeys, BOOL, "1"), OBSOLETE("V1AuthoritativeDirectory"), OBSOLETE("V2AuthoritativeDirectory"), VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index d060b297a7..0b896a2845 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -3186,7 +3186,8 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, ri = node->ri; - if (ri->cache_info.signing_key_cert) { + if (get_options()->AuthDirTestEd25519LinkKeys && + ri->cache_info.signing_key_cert) { /* We allow the node to have an ed25519 key if we haven't been told one in * the routerinfo, but if we *HAVE* been told one in the routerinfo, it * needs to match. */ @@ -3256,6 +3257,7 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri, void dirserv_single_reachability_test(time_t now, routerinfo_t *router) { + const or_options_t *options = get_options(); channel_t *chan = NULL; node_t *node = NULL; tor_addr_t router_addr; @@ -3266,7 +3268,8 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router) node = node_get_mutable_by_id(router->cache_info.identity_digest); tor_assert(node); - if (node_supports_ed25519_link_authentication(node)) { + if (options->AuthDirTestEd25519LinkKeys && + node_supports_ed25519_link_authentication(node)) { ed_id_key = &router->cache_info.signing_key_cert->signing_key; } else { ed_id_key = NULL; diff --git a/src/or/or.h b/src/or/or.h index 14c2dd8bc2..7e11bf05aa 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4577,6 +4577,11 @@ typedef struct { /** Autobool: Should we include Ed25519 identities in extend2 cells? * If -1, we should do whatever the consensus parameter says. */ int ExtendByEd25519ID; + + /** Bool (default: 1): When testing routerinfos as a directory authority, + * do we enforce Ed25519 identity match? */ + /* NOTE: remove this option someday. */ + int AuthDirTestEd25519LinkKeys; } or_options_t; /** Persistent state for an onion router, as saved to disk. */ |