
Re: [tor-bugs] #9546 [Tor]: Link handshake fails with "Received unexpected cell command 10" on a bridge



#9546: Link handshake fails with "Received unexpected cell command 10" on a bridge
------------------------------------------------+---------------------------
 Reporter:  zwol                                |          Owner:                    
     Type:  defect                              |         Status:  needs_review      
 Priority:  major                               |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor                                 |        Version:  Tor: 0.2.4.15-rc  
 Keywords:  tor-bridge tor-client 023-backport  |         Parent:                    
   Points:                                      |   Actualpoints:                    
------------------------------------------------+---------------------------

Comment(by arma):

 skruffy points out that it's weird the bridge isn't sending an
 AUTH_CHALLENGE cell.

 Our spec says:
 {{{
    When the in-protocol handshake is used, the initiator sends a
    VERSIONS cell to indicate that it will not be renegotiating.  The
    responder sends a VERSIONS cell, a CERTS cell (4.2 below) to give the
    initiator the certificates it needs to learn the responder's
    identity, an AUTH_CHALLENGE cell (4.3) that the initiator must include
    as part of its answer if it chooses to authenticate, and a NETINFO
    cell (4.5).
 }}}

 Yet our code says
 {{{
     /* If we're a relay that got a connection, ask for authentication. */
     const int send_chall = !started_here && public_server_mode(get_options());
 }}}

 The comment for command_process_auth_challenge_cell() says
 {{{
 /** Process an AUTH_CHALLENGE cell from an OR connection.
  *
  * If we weren't supposed to get one (for example, because we're not the
  * originator of the connection), or it's ill-formed, or we aren't doing a v3
  * handshake, mark the connection.  If the cell is well-formed but we don't
  * want to authenticate, just drop it.  If the cell is well-formed *and* we
  * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */
 }}}

 Why do our bridges decide they're too cool to follow the spec? :)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9546#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
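
The mismatch discussed in the comment above, as an added example that is not Tor's code and not part of the original message: a small model of the quoted `send_chall` condition, checked against the responder cell order in the quoted spec paragraph. The helper names are hypothetical, and `public_server` stands in for `public_server_mode(get_options())`, assumed here to be false on a bridge.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cell command numbers as assigned in tor-spec. */
enum { CELL_VERSIONS = 7, CELL_NETINFO = 8,
       CELL_CERTS = 129, CELL_AUTH_CHALLENGE = 130 };

/* Responder flight in the order the quoted spec paragraph lists it. */
static const uint8_t spec_flight[] = {
  CELL_VERSIONS, CELL_CERTS, CELL_AUTH_CHALLENGE, CELL_NETINFO };
#define SPEC_FLIGHT_LEN (sizeof(spec_flight) / sizeof(spec_flight[0]))

/* Hypothetical model of the quoted send_chall condition. public_server
 * stands in for public_server_mode(get_options()) (assumed 0 on a bridge).
 * Writes the responder's cell commands to out (room for 4), returns count. */
size_t build_responder_flight(int started_here, int public_server,
                              uint8_t *out)
{
  const int send_chall = !started_here && public_server;
  size_t n = 0;
  out[n++] = CELL_VERSIONS;
  out[n++] = CELL_CERTS;
  if (send_chall)
    out[n++] = CELL_AUTH_CHALLENGE;
  out[n++] = CELL_NETINFO;
  return n;
}

/* Compare an observed flight with the spec order. Returns 0 on a match,
 * the command the spec expected at the first divergence, or -1 if extra
 * cells follow a complete flight. */
int first_spec_violation(const uint8_t *seen, size_t n)
{
  for (size_t i = 0; i < SPEC_FLIGHT_LEN; i++) {
    if (i >= n || seen[i] != spec_flight[i])
      return spec_flight[i];
  }
  return n > SPEC_FLIGHT_LEN ? -1 : 0;
}

int main(void)
{
  uint8_t cells[4];
  size_t n = build_responder_flight(0, 0, cells); /* bridge: not public */
  printf("bridge flight: %zu cells, spec expected command %d\n",
         n, first_spec_violation(cells, n));
  return 0;
}
```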