[tor-dev] HSFETCH fails on basic auth services

Tim Wilson-Brown - teor teor2345 at gmail.com
Wed Jun 29 22:28:04 UTC 2016

> On 30 Jun 2016, at 06:42, Razvan Dragomirescu <razvan.dragomirescu at veri.fi> wrote:
> BTW, I have also tried the GETINFO command from the controller to fetch the hidden service descriptor directly from the host that has published it, but that doesn't work either.  Fetching from the client side (after a connection) works fine:
> 250 OK
> GETINFO hs/client/desc/id/js2usypscw6y6c5e
> 250+hs/client/desc/id/js2usypscw6y6c5e=
> rendezvous-service-descriptor 7codget3fmkzj4z3oqia37iknu5iespk
> ...
> .
> 250 OK
> Fetching from the server side though ....
> GETINFO hs/service/desc/id/js2usypscw6y6c5e
> 552 Unrecognized key "hs/service/desc/id/js2usypscw6y6c5e"
> Any ideas? I'm running Tor btw. This also appears to happen with non-authenticated services, but the hs/service/desc/id/<ADDR> was supposed to have been merged back in (??).

Perhaps GETINFO only looks in the HS cache, but hidden services don't cache their own descriptors?

> On Wed, Jun 29, 2016 at 11:14 PM, Razvan Dragomirescu <razvan.dragomirescu at veri.fi> wrote:
> Hello everyone,
> I seem to have found an issue (bug?) with the controller HSFETCH command - I can't seem to be able to fetch hidden service descriptors for services that use basic authentication. Tor appears to want to decrypt the introduction points for some reason and also fails to look at the HidServAuth directive. Connections (via SOCKS proxy for instance) to said service work fine, so Tor is configured correctly, but HSFETCH fails and Tor outputs this in the logs:
> Jun 29 20:08:53.000 [warn] Failed to parse introduction points. Either the service has published a corrupt descriptor or you have provided invalid authorization data.
> Jun 29 20:08:53.000 [warn] Fetching v2 rendezvous descriptor failed. Retrying at another directory.
> Is this a known issue? Is there another way to fetch the descriptor of a hidden service? I really don't want it to be published since I'm rewriting it anyway, but I need to fetch it somehow. I can use "PublishHidServDescriptors 0" to stop it from publishing the service at all but I have no idea how to fetch it from the local cache. Any controller commands for that?
> To summarize - HSFETCH appears to fail for hidden services with basic auth and I couldn't find a way to obtain the hidden service descriptor from the hidden service machine itself before publishing. Any advice would be appreciated.

Perhaps HSFETCH only looks in the HS cache, but hidden services don't cache their own descriptors?
Perhaps HSFETCH doesn't look at HidServAuth?
Perhaps HSFETCH shouldn't try to decrypt the descriptor before delivering it? Perhaps it should?

I encourage you to log an issue for each of these in our bug tracker at https://trac.torproject.org/


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
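
An added example, not part of the original message or of Tor's own code: a small Python parser for the control-port reply format seen in the quoted session. It separates the `250+` data reply returned for `hs/client/desc/id/<ADDR>` from the `552` error returned for `hs/service/desc/id/<ADDR>`. The sample replies are constructed from the lines quoted above, with the elided descriptor body left out; `parse_reply` and `descriptor_lookup` are hypothetical names.

```python
# Added example: parse Tor control-port replies like those quoted in the thread.
# Reply lines are '<3-digit code><sep><text>', where sep is '-' (more lines
# follow), '+' (data block up to a lone '.'), or ' ' (final line of the reply).

# Constructed from the quoted session; the elided descriptor body is omitted.
CLIENT_REPLY = [
    "250+hs/client/desc/id/js2usypscw6y6c5e=",
    "rendezvous-service-descriptor 7codget3fmkzj4z3oqia37iknu5iespk",
    ".",
    "250 OK",
]
SERVICE_REPLY = ['552 Unrecognized key "hs/service/desc/id/js2usypscw6y6c5e"']


def parse_reply(lines):
    """Return (status code, {key: value}, final line text) for one reply."""
    values, it = {}, iter(lines)
    for line in it:
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "-+ ":
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = int(line[:3]), line[3], line[4:]
        if sep == " ":                      # final line ends the reply
            return code, values, text
        key, _, val = text.partition("=")
        if sep == "+":                      # multi-line data block
            body = [val] if val else []
            for data in it:
                if data == ".":
                    break
                # Undo dot-stuffing: a leading '.' on a data line was doubled.
                body.append(data[1:] if data.startswith(".") else data)
            else:
                raise ValueError("data block not terminated by '.'")
            val = "\n".join(body)
        values[key] = val
    raise ValueError("reply ended without a final '<code> <text>' line")


def descriptor_lookup(lines, key):
    """Classify a GETINFO reply: ('found', descriptor) or ('error', reason)."""
    code, values, text = parse_reply(lines)
    if code == 250 and key in values:
        return "found", values[key]
    return "error", f"{code} {text}"
```
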
