}
/* Now, we handle everything that isn't a .onion address. */
- if (addresstype != ONION_V3_HOSTNAME) {
+ if (addresstype != ONION_V3_HOSTNAME && addresstype != ONION_V2_HOSTNAME) {
/* Not a hidden-service request. It's either a hostname or an IP,
* possibly with a .exit that we stripped off. We're going to check
* if we're allowed to connect/resolve there, and then launch the
return 0;
} else {
/* If we get here, it's a request for a .onion address! */
+
+ /* We don't support v2 onions anymore. Log a warning and bail. */
+ if (addresstype == ONION_V2_HOSTNAME) {
+ log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but this "
+ "version of Tor no longer supports them. Please encourage the "
+ "site operator to upgrade. For more information see "
+ "https://blog.torproject.org/v2-deprecation-timeline.");
+ control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
+ escaped(socks->address));
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
+ return -1;
+ }
+
tor_assert(addresstype == ONION_V3_HOSTNAME);
tor_assert(!automap);
return connection_ap_handle_onion(conn, socks, circ);
projects / thirdparty / tor.git / commitdiff
