Remove client code for connecting to and using 0.2.2 servers

We can finally drop support for the client-side V2 link handshake!

changed milestone to %Tor: 0.2.8.x-final

added 026-triaged-1 027-triaged-1-out 028-triaged component::core tor/tor milestone::Tor: 0.2.8.x-final owner::TvdW parent::9476 points::small priority::medium resolution::implemented severity::normal status::closed tor-client type::defect labels

Trac:
Milestone: Tor: 0.2.5.x-final to Tor: 0.2.6.x-final

Trac:
Keywords: N/A deleted, 026-triaged-1 added

Trac:
Owner: N/A to rl1987
Status: new to accepted

Initial work on this has been done :

https://github.com/TvdW/tor/commit/75b5d94eb976ee4998189dc69582c62511dde9eb (stops supporting v1 and drops support for parsing pre-0.2.3.17 handshakes) https://github.com/TvdW/tor/commit/c5edd3f4deb0bfbf8d6e61b4723ddb563402431b (stops hacking around openssl's client certificates)

I also revised the spec a little :

https://github.com/TvdW/torspec/commit/88457e2b824f9088c7a92902fcfa4effc90ed620

None of these are in the master branch yet as they need some testing (and consensus, as some old 0.2.3.x clients are also affected)

Trac:
Owner: rl1987 to TvdW
Status: accepted to assigned
Cc: N/A to TvdW

I'm fine with killing pre-0.2.3.19-alpha clients, modulo the testing issues.

How's the testing coming?

I have a working branch at https://github.com/TvdW/tor/commits/remove-v1v2 and am testing it now (looks good so far). Next step is to see how older clients behave with these patches in place.

Is the removal of always_accept_verify_cb correct?

Should be. V1 support required sometimes sending certificates, sometimes not. This had to be overridden if we saw V2, to make sure we don't send a chain. Instead of doing all this, we now just do :

SSL_CTX_set_verify(result->ctx, SSL_VERIFY_NONE, NULL);

Which has the same result.

We noticed that 0.2.2 clients (maint-0.2.2 branch) could retry failed handshakes after each consensus download, which could potentially turn into each 0.2.2 client attempting to connect to each 0.2.6 server in the network (assuming the network only has 0.2.2 clients and 0.2.6 servers). Maybe bad.

Being a coward, pushing to 0.2.7. We need to figure out the issue with the handful of remaining zombie 0.2.2 clients turning from slow zombies into fast zombies when the network stops supporting them.

Trac:
Milestone: Tor: 0.2.6.x-final to Tor: 0.2.7.x-final

Trac:
Status: assigned to needs_review

The patch is currently broken, no need to review it just yet. I'm planning to fix it asap.

I've got an updated branch on https://github.com/TvdW/tor/tree/remove-v1v2-squash that should fix the merge conflicts.

Marking triaged-out items from first round of 0.2.7 triage.

Trac:
Keywords: N/A deleted, 027-triaged-1-out added

Trac:
Milestone: Tor: 0.2.7.x-final to Tor: 0.2.8.x-final

Trac:
Keywords: N/A deleted, 028-triaged added

Trac:
Points: N/A to small
Sponsor: N/A to N/A

I've made a client-only version of this that removes client code to connect to Tor < 0.2.3.6-alpha, as branch ticket11150_client_only. Moving mention of TvdW's work above to another ticket which covers the server side too.

Patch looks good to me, but please double-check by connecting v1 and v2 clients to a relay running this code. Also, thanks for crediting!

Testing:

• 0.1.2 needs a network with v2 authorities, but the testing network didn't have any. More testing would be needed.
• 0.2.0 connects but doesn't build circuits to the testing network, after some hacking. Must double-check whether behavior is same with un-patched master.
• 0.2.1 bootstraps nice and happily!
• 0.2.2 bootstraps nice and happily!

(In all cases, I had to hack these versions up a little to make them actually willing to look at the consensus from a test network and use it.)

Trac:
Severity: N/A to Normal

Replying to nickm:

Testing:

• 0.2.0 connects but doesn't build circuits to the testing network, after some hacking. Must double-check whether behavior is same with un-patched master.

Double-checked. 0.2.0 has the same problem with master on a testing network that it does with the patch on a testing network.

(0.2.0 also doesn't bootstrap on the regular network.)

Okay; looks good to tvdw and passes tests as above. Merged & closing!

Trac:
Status: needs_review to closed
Resolution: N/A to implemented

closed

mentioned in issue #11151 (moved)

mentioned in issue #32743 (moved)

moved to tpo/core/tor#11150 (closed)

mentioned in issue tpo/core/tor#32743 (moved)

mentioned in issue tpo/core/torspec#11