Make bridges send AUTH_CHALLENGE cells

The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.

diff --git a/bug9546 b/bug9546
deleted file mode 100644 (file)
index 8596eac..0000000
--- a/bug9546
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes:
-
-    - When a relay is extending a circuit to a bridge, it needs to send a
-      NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE
-      cell. Fixes bug 9546; bugfix on ????.

diff --git a/changes/bug9546 b/changes/bug9546
new file mode 100644 (file)
index 0000000..2145e35
--- /dev/null
+++ b/changes/bug9546
@@ -0,0 +1,11 @@
+  o Major bugfixes:
+
+    - When a relay is extending a circuit to a bridge, it needs to send a
+      NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE
+      cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
+
+    - Bridges send AUTH_CHALLENGE cells during their handshakes; previously
+      they did not, which prevented relays from successfully connecting
+      to a bridge for self-test or bandwidth testing. Fixes bug 9546;
+      bugfix on 0.2.3.6-alpha.
+

diff --git a/src/or/command.c b/src/or/command.c
index 26e4e6897f6b3f0a196bed2b2ad9a9e70b0b5e04..61e1e13a71af9b531fceb1eedc39372fe0f75330 100644 (file)
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -755,8 +755,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
     const int send_versions = !started_here;
     /* If we want to authenticate, send a CERTS cell */
     const int send_certs = !started_here || public_server_mode(get_options());
-    /* If we're a relay that got a connection, ask for authentication. */
-    const int send_chall = !started_here && public_server_mode(get_options());
+    /* If we're a host that got a connection, ask for authentication. */
+    const int send_chall = !started_here;
     /* If our certs cell will authenticate us, we can send a netinfo cell
      * right now. */
     const int send_netinfo = !started_here;

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 56c6ed520aea0359cf69c7b8512af86ad7660d74..fbb7c31e046ef5a6815ba6860fdcefd01ce58d54 100644 (file)
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2144,7 +2144,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     const tor_cert_t *id_cert=NULL, *link_cert=NULL;
     const digests_t *my_digests, *their_digests;
     const uint8_t *my_id, *their_id, *client_id, *server_id;
-    if (tor_tls_get_my_certs(0, &link_cert, &id_cert))
+    if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
       return -1;
     my_digests = tor_cert_get_id_digests(id_cert);
     their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);