torproject / stem

Python controller library for Tor
https://stem.torproject.org/
GNU Lesser General Public License v3.0

Support Client Authentication in v3 (prop224) onions #66

Closed mig5 closed 3 years ago

mig5 commented 4 years ago

Hi,

I couldn't find any ticket or work on this so thought I'd open a ticket to track it.

Now that Client Authentication has landed for v3 and has been popularized via Tor Browser 9.5's release, the OnionShare team is being regularly asked why we don't support it yet.

As far as I can tell, since we use ephemeral onions exclusively via Stem, we would need Stem to support it. By the looks of it, only v2 auth is supported at this time via the basic_auth parameter to create_ephemeral_onion_service().

This commit to the Tor core project added Control Port support for adding v3 Client Auth via the ONION_CLIENT_AUTH_ADD command: https://github.com/torproject/tor/commit/00fdaaee1e3cdfe40230a866c497d3648c43940c

Will gladly help if I can, but not sure exactly how to go about it in Stem. I can see you call ADD_ONION with the BasicAuth flag. I'm not sure if we have to call ONION_CLIENT_AUTH_ADD after we've called ADD_ONION, meaning we have already published the descriptor? I'm guessing so, since Tor validates the v3 address as part of that function: https://github.com/torproject/tor/commit/00fdaaee1e3cdfe40230a866c497d3648c43940c#diff-20089616ed928fbc29bd570b740c0189R100

Did you have any specific ideas on how you wanted to go about the implementation?

mig5 commented 4 years ago

Sorry, I just got clarification on the tor-dev mailing list:

https://lists.torproject.org/pipermail/tor-dev/2020-June/014375.html

All this time, I thought that ONION_CLIENT_AUTH_ADD was a control port command to add Client Auth on the onion service server side. It turns out this was a mistake; it's for the client side (e.g. Tor Browsers).

Whilst it may still be a useful feature for Stem to support, it doesn't help our use case over at OnionShare in terms of enabling Client Auth for v3 onions.

I actually wrote the Stem support for ONION_CLIENT_AUTH_ADD today (without tests etc. yet), I might contribute it anyway later :)

atagar commented 3 years ago

Hi mig5, thanks for the patch and sorry about the delay! I just merged an adjusted version of this.

Implementation uncovered some rough edges within tor which now have their own tickets...

Feel free to reopen if you run into anything else on our end.
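
Added example, not part of the thread and not Stem's or tor's own code: a sketch of the client-side ONION_CLIENT_AUTH_ADD control-port line discussed above, with the v3 address check (length, base32, version byte, SHA3-256 checksum) done before the line is built. The function names, the constructed demo key and the conservative client-name rule are assumptions made for this illustration.

```python
import base64
import binascii
import hashlib
import re

def v3_address_from_pubkey(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 address (56 chars, no ".onion")."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()

def _strip(addr: str) -> str:
    addr = addr.strip().lower()
    return addr[:-6] if addr.endswith(".onion") else addr

def is_valid_v3_address(addr: str) -> bool:
    """Check length, base32 alphabet, version byte and checksum."""
    addr = _strip(addr)
    if len(addr) != 56:
        return False
    try:
        raw = base64.b32decode(addr.upper())
    except (binascii.Error, ValueError):
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return version == b"\x03" and checksum == expected

def build_client_auth_add(addr, private_key, client_name=None, permanent=False):
    """Return the ONION_CLIENT_AUTH_ADD line (without CRLF) for a client-side tor."""
    if not is_valid_v3_address(addr):
        raise ValueError("not a valid v3 onion address")
    if len(private_key) != 32:
        raise ValueError("x25519 private key must be 32 bytes")
    line = "ONION_CLIENT_AUTH_ADD %s x25519:%s" % (
        _strip(addr), base64.b64encode(private_key).decode())
    if client_name is not None:
        # Conservative check (assumption): alphanumerics only, so the name cannot
        # carry spaces or CRLF that would add arguments or commands to the line.
        if not re.fullmatch(r"[A-Za-z0-9]{1,16}", client_name):
            raise ValueError("invalid client name")
        line += " ClientName=" + client_name
    if permanent:
        line += " Flags=Permanent"
    return line

if __name__ == "__main__":
    demo = v3_address_from_pubkey(bytes(range(32)))  # constructed key, not a real service
    print(build_client_auth_add(demo + ".onion", bytes(32), "alice", permanent=True))
```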