|
|
@@ -49,6 +49,7 @@
|
|
|
#include "proto_cell.h"
|
|
|
#include "reasons.h"
|
|
|
#include "relay.h"
|
|
|
+#include "rendcommon.h"
|
|
|
#include "rephist.h"
|
|
|
#include "router.h"
|
|
|
#include "routerkeys.h"
|
|
|
@@ -1677,10 +1678,13 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
|
|
|
conn->identity_digest);
|
|
|
const int is_authority_fingerprint = router_digest_is_trusted_dir(
|
|
|
conn->identity_digest);
|
|
|
+ const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options);
|
|
|
int severity;
|
|
|
const char *extra_log = "";
|
|
|
|
|
|
- if (server_mode(options)) {
|
|
|
+ /* Relays, Single Onion Services, and Tor2web make direct connections using
|
|
|
+ * untrusted authentication keys. */
|
|
|
+ if (server_mode(options) || non_anonymous_mode) {
|
|
|
severity = LOG_PROTOCOL_WARN;
|
|
|
} else {
|
|
|
if (using_hardcoded_fingerprints) {
|
|
|
@@ -1704,8 +1708,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
|
|
|
}
|
|
|
|
|
|
log_fn(severity, LD_HANDSHAKE,
|
|
|
- "Tried connecting to router at %s:%d, but RSA identity key was not "
|
|
|
- "as expected: wanted %s + %s but got %s + %s.%s",
|
|
|
+ "Tried connecting to router at %s:%d, but RSA + ed25519 identity "
|
|
|
+ "keys were not as expected: wanted %s + %s but got %s + %s.%s",
|
|
|
conn->base_.address, conn->base_.port,
|
|
|
expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log);
|
|
|
|
|
|
@@ -1722,8 +1726,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
|
|
|
}
|
|
|
|
|
|
if (!expected_ed_key && ed_peer_id) {
|
|
|
- log_info(LD_HANDSHAKE, "(we had no Ed25519 ID in mind when we made this "
|
|
|
- "connection.");
|
|
|
+ log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this "
|
|
|
+ "connection.)");
|
|
|
connection_or_set_identity_digest(conn,
|
|
|
(const char*)rsa_peer_id, ed_peer_id);
|
|
|
changed_identity = 1;
|
Nick Mathewson