Opened 5 months ago

Last modified 7 days ago

#28966 assigned defect

HSv3 client auth insufficiently documented (was: HiddenServiceAuthorizeClient incompatible)

Reported by: roo Owned by: asn
Priority: High Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Minor Keywords: tor-hs, client-auth, hsv3, postfreeze-ok, network-team-roadmap-2019-Q1Q2, 041-should
Cc: asn, dgoulet Actual Points:
Parent ID: #14389 Points: 0.5
Reviewer: Sponsor: Sponsor27-must


According to this should be working.

HiddenServiceDir /var/lib/tor/keys/test
#HiddenServiceVersion 3
HiddenServicePort 80
HiddenServiceAuthorizeClient basic WUzZTg3OGQ

Dec 31 08:01:15.428 [notice] Tor (git-f4874765eabf1596) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1a, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 31 08:01:15.428 [notice] Tor can't help you if you use it wrong! Learn how to be safe at
Dec 31 08:01:15.428 [notice] Read configuration file "/etc/tor/torrc".
Dec 31 08:01:15.431 [warn] Hidden service option HiddenServiceAuthorizeClient is incompatible with version 3 of service in /var/lib/tor/keys/test
Dec 31 08:01:15.431 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 31 08:01:15.431 [err] Reading config failed--see warnings above.

Child Tickets

Change History (12)

comment:1 Changed 5 months ago by nickm

Cc: asn dgoulet added
Keywords: tor-hs added
Milestone: Tor: 0.4.0.x-final

comment:2 Changed 5 months ago by asn

Keywords: client-auth hsv3 added
Summary: HiddenServiceAuthorizeClient incompatibleHSv3 client auth insufficiently documented (was: HiddenServiceAuthorizeClient incompatible)

You are supposed to use the ClientOnionAuthDir for the client-side here.

Our docs are very bad here so this ticket is perfectly valid. We don't even mention the client-side in the Client Authorization section of the man page...

Also maybe we should give out some friendly information when someone tries to use the old client autorization torrc option with v3, so that people don't need to guess what they need to do.

Repurposing ticket. Thanks for this.

comment:3 Changed 4 months ago by nickm

Keywords: postfreeze-ok added

Mark some tickets as postfreeze-ok, to indicate that I think they are okay to accept in 0.4.0 post-freeze. Does not indicate that they are all necessary to do postfreeze.

comment:4 Changed 3 months ago by nickm

Keywords: 040-must added

Marking tickets as 040-must based on triage with dgoulet.

comment:5 Changed 3 months ago by nickm

Priority: LowHigh

comment:6 Changed 3 months ago by dgoulet

Owner: set to dgoulet
Status: newassigned

comment:7 Changed 2 months ago by teor

Owner: changed from dgoulet to asn

dgoulet is on leave, so I guess the next best person is asn.

comment:8 Changed 2 months ago by asn

Keywords: 040-must removed
Milestone: Tor: 0.4.0.x-finalTor: 0.4.1.x-final
Points: 0.3

I dont think I have the capacity to do this in the 040 timeframe.
Removing 040-must and if I manage to fit it in, I will submit a patch in time.

comment:9 Changed 6 weeks ago by teor

Parent ID: #27544

comment:10 Changed 5 weeks ago by asn

Parent ID: #27544#14389
Points: 0.30.5
Sponsor: Sponsor27-must

comment:11 Changed 9 days ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 added

comment:12 Changed 7 days ago by nickm

Keywords: 041-should added
Note: See TracTickets for help on using tickets.