| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
I changed the API here in deb294ff532d074a7d4, to be less annoying
to use.
|
|
|
|
And make consequential line-length adjustments.
|
|
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
|
|
|
|
Tor checks that the flag matches the configured onion service anonymity.
Tor refuses to create unflagged onion service using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode
Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
|
|
And make consequential changes to make it less error-prone.
No behaviour change.
|
|
|
|
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.
This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.
Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.
And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
|
|
Previously, we checked LearnCircuitBuildTimeout directly.
Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
|
|
|
|
|
|
|
|
We log this message every time we validate tor's options.
There's no need to log a duplicate in main() as well.
(It is impossible to run main() without validating our options.)
|
|
|
|
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.
This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
|
|
|
|
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.
Implements proposal #260, completes ticket #17178. Patch by teor & asn.
squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services
Redesign single onion service poisoning.
When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.
Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.
Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.
Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
|
|
Also check that the port list exists before freeing it.
Patch by asn.
|
|
Also, add tests for the function.
Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
|
|
|
|
|
|
|
|
openbsd helpfully handles gmtime() of INT64_MIN. Good job!
Our tests didn't handle that so well.
|
|
|
|
On openbsd64, I'm seeing a warning that the log isn't saying what
I'd expect, but I'm not seeing what the answer actually _is_ here.
|
|
|
|
|
|
|
|
|
|
|
|
These seem to have caused warnings on windows. Hmmm.
|
|
|
|
The point of diminishing returns has been reached.
|
|
The other test vectors are pretty complete, and get full coverage, I
believe.
This one test vector accounted for half the time spent in
test-slow. "Now that's slow!"
|
|
We have a mock for our RSA key generation function, so we now wire
it to pk_generate(). This covers all the cases that were not using
pk_generate() before -- all ~93 of them.
|
|
This shaves another 3-4 seconds off the main-path tests for me,
which is again worth it, according to XKCD#1204.
|
|
This makes tests faster and saves about 6 seconds for me, which
makes it worth it, according to https://xkcd.com/1205.
|
|
... when the directory authorities don't set min_paths_for_circs_pct.
Fixes bug 20117; bugfix on 02c320916e02 in tor-0.2.4.10-alpha.
Reported by Jesse V.
|
|
Patch from rubiate. See #19999
|
|
|
|
|
|
|
|
|
|
Previously, you needed to store the previous log severity in a local
variable, and it wasn't clear if you were allowed to call these
functions more than once.
|
|
|
|
|
|
Part of 19999.
|
