Opened 3 months ago

Last modified 4 weeks ago

#28966 assigned defect

HSv3 client auth insufficiently documented (was: HiddenServiceAuthorizeClient incompatible)

Reported by: roo Owned by: dgoulet
Priority: High Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Minor Keywords: tor-hs, client-auth, hsv3, postfreeze-ok, 040-must
Cc: asn, dgoulet Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


According to this should be working.

HiddenServiceDir /var/lib/tor/keys/test
#HiddenServiceVersion 3
HiddenServicePort 80
HiddenServiceAuthorizeClient basic WUzZTg3OGQ

Dec 31 08:01:15.428 [notice] Tor (git-f4874765eabf1596) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1a, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 31 08:01:15.428 [notice] Tor can't help you if you use it wrong! Learn how to be safe at
Dec 31 08:01:15.428 [notice] Read configuration file "/etc/tor/torrc".
Dec 31 08:01:15.431 [warn] Hidden service option HiddenServiceAuthorizeClient is incompatible with version 3 of service in /var/lib/tor/keys/test
Dec 31 08:01:15.431 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 31 08:01:15.431 [err] Reading config failed--see warnings above.

Child Tickets

Change History (6)

comment:1 Changed 3 months ago by nickm

Cc: asn dgoulet added
Keywords: tor-hs added
Milestone: Tor: 0.4.0.x-final

comment:2 Changed 2 months ago by asn

Keywords: client-auth hsv3 added
Summary: HiddenServiceAuthorizeClient incompatibleHSv3 client auth insufficiently documented (was: HiddenServiceAuthorizeClient incompatible)

You are supposed to use the ClientOnionAuthDir for the client-side here.

Our docs are very bad here so this ticket is perfectly valid. We don't even mention the client-side in the Client Authorization section of the man page...

Also maybe we should give out some friendly information when someone tries to use the old client autorization torrc option with v3, so that people don't need to guess what they need to do.

Repurposing ticket. Thanks for this.

comment:3 Changed 2 months ago by nickm

Keywords: postfreeze-ok added

Mark some tickets as postfreeze-ok, to indicate that I think they are okay to accept in 0.4.0 post-freeze. Does not indicate that they are all necessary to do postfreeze.

comment:4 Changed 4 weeks ago by nickm

Keywords: 040-must added

Marking tickets as 040-must based on triage with dgoulet.

comment:5 Changed 4 weeks ago by nickm

Priority: LowHigh

comment:6 Changed 4 weeks ago by dgoulet

Owner: set to dgoulet
Status: newassigned
Note: See TracTickets for help on using tickets.