[tor-dev] ClientAuthV3 for v3 onions via Tor controller is accepted by ADD_ONION but seems to get ignored

Miguel Jacq mig at mig5.net
Mon May 3 20:59:39 UTC 2021

Hello again, just to add some clarification to what I realise is a confusing output below:

On Mon, May 03, 2021 at 04:38:07PM +1000, Miguel Jacq wrote:
> ```
> user at onionshare:~$ sudo telnet localhost 9051
> Trying ::1...
> Trying
> Connected to localhost.
> Escape character is '^]'.
> authenticate ""
> 250 OK
> ADD_ONION ED25519-V3:MNkxu0oI0CX6Oq1AEroRGSAiqXurEbzBdraDKJB1pkNkl9hNCr+bagdAg7gA4F3M/FrF7BHBdh5zdvkHB7oO4w== ClientAuthV3=FGTORMIDKR7T2PR632HSHLWA4G6HF5TCWSGMHDUU4LWBEFTAVYQQ Flags=V3Auth Port=80,9735
> 250-ServiceID=rujvluxdgiibem3odopgkgiiajgtwfbdgkuqfyydhl5qupotpwyxjaid
> 250 OK
> ```

The public key is different in the request and response here, that's my copy-paste fail.. I had 'lost' the original private key and wanted to provide a valid pair for someone to troubleshoot with. As a result I amended my output here to show the new public key being sent in the ADD_ONION, but forgot to update it in the returned response from my earlier attempt. Sorry if it added confusion.

The problem still stands that the ClientAuthV3 key is accepted by ADD_ONION in the nightly/alpha Tor, but it doesn't then seem to be enforced when viewing the onion service.. unless I'm doing something wrong.

Appreciate any help, cheers!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20210504/ac313055/attachment.sig>

More information about the tor-dev mailing list