Fix a comment that misunderstood is_canonical

is_canonical doesn't mean "am I connected to the one true address of
this relay"; it means "does this relay tell me that the address I'm
connected to belong to it."  The point is to prevent TCP-based MITM,
not to prevent the relay from multi-homing.

Related to 22890.

diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 7f6882448253f3df683a39280d33815600a41f2e..82778131863b1679decf018e545aee5e19b355a7 100644 (file)
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1793,12 +1793,11 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
       return;
     }
     /* A relay can connect from anywhere and be canonical, so
-     * long as it tells you from where it came. This may be a bit
-     * concerning.. Luckily we have another check in
-     * channel_tls_matches_target_method() to ensure that extends
-     * only go to the IP they ask for.
-     *
-     * XXX: Bleh. That check is not used if the connection is canonical.
+     * long as it tells you from where it came. This may sound a bit
+     * concerning... but that's what "canonical" means: that the
+     * address is one that the relay itself has claimed.  The relay
+     * might be doing something funny, but nobody else is doing a MITM
+     * on the relay's TCP.
      */
     if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
       connection_or_set_canonical(chan->conn, 1);