Update the protocol versions recommendations to remove LinkAuth=1
authorNick Mathewson <nickm@torproject.org>
Thu, 23 Aug 2018 15:24:39 +0000 (11:24 -0400)
committerNick Mathewson <nickm@torproject.org>
Fri, 24 Aug 2018 16:31:01 +0000 (12:31 -0400)
LinkAuth method 1 is the one where we pull the TLS master secrets
out of the OpenSSL data structures and authenticate them with
RSA. Right now we list method 1 as required for clients and relays.
That's a problem, since we can't reasonably support it with NSS. So
let's remove it as a requirement and a recommendation.

As for method 3: I'd like to recommend it, but that would make
0.2.9 start warning.  Let's not do that till at least some time
after 0.3.5 (the next LTS) is stable.

Closes ticket 27286

changes/27286 [new file with mode: 0644]
src/or/dirserv.c

diff --git a/changes/27286 b/changes/27286
new file mode 100644 (file)
index 0000000..5f5f7a4
--- /dev/null
@@ -0,0 +1,4 @@
+  o Minor features (directory authorities):
+    - Authorities no longer vote to make the subprotocol version "LinkAuth=1"
+      a requirement: it is unsupportable with NSS, and hasn't been needed
+      since Tor 0.3.0.1-alpha. Closes ticket 27286.
index 08557a6a10f7c6097182fda597a5a02fa2cdac03..a1ccf03e91ae4065dc45f743d2475dfb6bc7c1b7 100644 (file)
@@ -3082,16 +3082,16 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
   /* These are hardwired, to avoid disaster. */
   v3_out->recommended_relay_protocols =
     tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
-               "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
+               "Link=4 Microdesc=1-2 Relay=2");
   v3_out->recommended_client_protocols =
     tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
-               "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
+               "Link=4 Microdesc=1-2 Relay=2");
   v3_out->required_client_protocols =
     tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
-               "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
+               "Link=4 Microdesc=1-2 Relay=2");
   v3_out->required_relay_protocols =
     tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
-               "Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
+               "Link=3-4 Microdesc=1 Relay=1-2");
 
   /* We are not allowed to vote to require anything we don't have. */
   tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
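Review bot: Nothing in the code records why LinkAuth is now absent from all four strings, so the block under `/* These are hardwired, to avoid disaster. */` reads as if the omission could be an oversight. The commit message gives the reasons, and they belong next to the strings, e.g. `/* LinkAuth is deliberately not listed: 1 is unsupportable with NSS, and recommending 3 would make 0.2.9 warn; revisit after 0.3.5 is stable. */`. With no LinkAuth entry left, the vote no longer states any expectation about link authentication, so a later change that re-adds one should be checked against the `protover_all_supported()` assertion visible at the end of the hunk. The enclosing function starts before and continues past this hunk.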