I figured out v3 onion client auth and wrote a blog post
See it here: https://matt.traudt.xyz/p/FgbdRTFr.html or http://mattttttssi4lhud.onion/p/FgbdRTFr.html or http://zfob4nth675763zthpij33iq4pz5q4qthr3gydih4qbdiwtypr2e3bqd.onion/p/Fgbd... While doing so I opened two tickets: Document the max number of v3 client auths I can make https://trac.torproject.org/projects/tor/ticket/29134 Failing to connect to a v3 onion service with client auth produces really long lines in log https://trac.torproject.org/projects/tor/ticket/29135 Sometimes it seems like advanced features aren't documented very well, so I thought I'd write down what I figured out. I encourage Tor to use this in whatever way makes sense. Matt
Matt Traudt <pastly@torproject.org> writes:
See it here:
https://matt.traudt.xyz/p/FgbdRTFr.html or http://mattttttssi4lhud.onion/p/FgbdRTFr.html or http://zfob4nth675763zthpij33iq4pz5q4qthr3gydih4qbdiwtypr2e3bqd.onion/p/Fgbd...
While doing so I opened two tickets:
Document the max number of v3 client auths I can make https://trac.torproject.org/projects/tor/ticket/29134
Failing to connect to a v3 onion service with client auth produces really long lines in log https://trac.torproject.org/projects/tor/ticket/29135
Sometimes it seems like advanced features aren't documented very well, so I thought I'd write down what I figured out. I encourage Tor to use this in whatever way makes sense.
Hey Matt, thanks for spending the effort to piece together the information that are spilled between man page, changelog and source code. It's really impossible to setup v3 client auth for a non-hacker right now, so your blog post and tickets are appreciated. Let's hope we will find some time and energy to improve this area soon. Cheers!
On 21 Jan (09:30:47), Matt Traudt wrote:
See it here:
https://matt.traudt.xyz/p/FgbdRTFr.html or http://mattttttssi4lhud.onion/p/FgbdRTFr.html or http://zfob4nth675763zthpij33iq4pz5q4qthr3gydih4qbdiwtypr2e3bqd.onion/p/Fgbd...
Thanks for this! I won't repeat what George said but that is that ;). We have yet to create a "tor-genkey" that would be shipped with "tor" and able to generate the keys so for now your python script is great! There is also a bash + openssl one that mtigas created, I put it here: https://git.ini-tech.com/tor-tricks.git/blob/HEAD:/onion-svc-v3-client-auth.... Kind of practical imo since "openssl" cli is basically everywhere.
While doing so I opened two tickets:
Document the max number of v3 client auths I can make https://trac.torproject.org/projects/tor/ticket/29134
Failing to connect to a v3 onion service with client auth produces really long lines in log https://trac.torproject.org/projects/tor/ticket/29135
Yes! That was actually supposed to be fixed but there is still the full descriptor being dumped... Thanks for the ticket! Cheers! David
Sometimes it seems like advanced features aren't documented very well, so I thought I'd write down what I figured out. I encourage Tor to use this in whatever way makes sense.
Matt _______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
-- BErD0OICcNktLdV8Esdzdpr7ixSIt4z59z0fuS86hag=
participants (3)
-
David Goulet -
George Kadianakis -
Matt Traudt