[tor-dev] HSFETCH fails on basic auth services
Razvan Dragomirescu
razvan.dragomirescu at veri.fi
Wed Jun 29 23:10:00 UTC 2016
Thank you Tim! For the record, GETINFO works ok in 0.2.8.4-rc (unstable).
HSFETCH still doesn't and I'll file a bug for it.
Razvan
On Thu, Jun 30, 2016 at 1:28 AM, Tim Wilson-Brown - teor <teor2345 at gmail.com
> wrote:
>
> > On 30 Jun 2016, at 06:42, Razvan Dragomirescu <
> razvan.dragomirescu at veri.fi> wrote:
> >
> > BTW, I have also tried the GETINFO command from the controller to fetch
> the hidden service descriptor directly from the host that has published it,
> but that doesn't work either. Fetching from the client side (after a
> connection) works fine:
> >
> > AUTHENTICATE
> > 250 OK
> > GETINFO hs/client/desc/id/js2usypscw6y6c5e
> > 250+hs/client/desc/id/js2usypscw6y6c5e=
> > rendezvous-service-descriptor 7codget3fmkzj4z3oqia37iknu5iespk
> > ...
> > .
> > 250 OK
> >
> >
> > Fetching from the server side though ....
> >
> > GETINFO hs/service/desc/id/js2usypscw6y6c5e
> > 552 Unrecognized key "hs/service/desc/id/js2usypscw6y6c5e"
> >
> > Any ideas? I'm running Tor 0.2.7.6 btw. This also appears to happen with
> non-authenticated services, but the hs/service/desc/id/<ADDR> was supposed
> to have been merged back in 0.2.7.1 (??).
>
> Perhaps GETINFO only looks in the HS cache, but hidden services don't
> cache their own descriptors?
>
> > On Wed, Jun 29, 2016 at 11:14 PM, Razvan Dragomirescu <
> razvan.dragomirescu at veri.fi> wrote:
> > Hello everyone,
> >
> > I seem to have found an issue (bug?) with the controller HSFETCH command
> - I can't seem to be able to fetch hidden service descriptors for services
> that use basic authentication. Tor appears to want to decrypt the
> introduction points for some reason and also fails to look at the
> HidServAuth directive. Connections (via SOCKS proxy for instance) to said
> service work fine, so Tor is configured correctly, but HSFETCH fails and
> Tor outputs this in the logs:
> >
> > Jun 29 20:08:53.000 [warn] Failed to parse introduction points. Either
> the service has published a corrupt descriptor or you have provided invalid
> authorization data.
> >
> > Jun 29 20:08:53.000 [warn] Fetching v2 rendezvous descriptor failed.
> Retrying at another directory.
> >
> > Is this a known issue? Is there another way to fetch the descriptor of a
> hidden service? I really don't want it to be published since I'm rewriting
> it anyway, but I need to fetch it somehow. I can use
> "PublishHidServDescriptors 0" to stop it from publishing the service at all
> but I have no idea how to fetch it from the local cache. Any controller
> commands for that?
> >
> > To summarize - HSFETCH appears to fail for hidden services with basic
> auth and I couldn't find a way to obtain the hidden service descriptor from
> the hidden service machine itself before publishing. Any advice would be
> appreciated.
>
> Perhaps HSFETCH only looks in the HS cache, but hidden services don't
> cache their own descriptors?
> Perhaps HSFETCH doesn't look at HidServAuth?
> Perhaps HSFETCH shouldn't try to decrypt the descriptor before delivering
> it? Perhaps it should?
>
> I encourage you to log an issue for each of these in our bug tracker at
> https://trac.torproject.org/
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
> ricochet:ekmygaiu4rzgsk6n
>
>
>
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160630/b9a925a3/attachment.html>
More information about the tor-dev
mailing list