removed client_verification_required check from handshake, clients must request client verification status from server by sending empty payload to /client_verification

psiphon/controller.go

@@ -589,9 +589,7 @@ loop:
 				break
 			}
 
-			if clientVerificationPayload != "" {
-				establishedTunnel.SetClientVerificationPayload(clientVerificationPayload)
-			}
+			establishedTunnel.SetClientVerificationPayload(clientVerificationPayload)
 
 			NoticeActiveTunnel(establishedTunnel.serverEntry.IpAddress, establishedTunnel.protocol)
 

psiphon/serverApi.go

@@ -167,17 +167,13 @@ func (serverContext *ServerContext) doHandshakeRequest() error {
 	// - 'preemptive_reconnect_lifetime_milliseconds' is currently unused
 	// - 'ssh_session_id' is ignored; client session ID is used instead
 	var handshakeResponse struct {
-		Homepages                     []string            `json:"homepages"`
-		UpgradeClientVersion          string              `json:"upgrade_client_version"`
-		PageViewRegexes               []map[string]string `json:"page_view_regexes"`
-		HttpsRequestRegexes           []map[string]string `json:"https_request_regexes"`
-		EncodedServerList             []string            `json:"encoded_server_list"`
-		ClientRegion                  string              `json:"client_region"`
-		ServerTimestamp               string              `json:"server_timestamp"`
-		ClientVerificationRequired    bool                `json:"client_verification_required"`
-		ClientVerificationServerNonce string              `json:"client_verification_server_nonce"`
-		ClientVerificationTTLSeconds  int                 `json:"client_verification_ttl_seconds"`
-		ClientVerificationResetCache  bool                `json:"client_verification_reset_cache"`
+		Homepages            []string            `json:"homepages"`
+		UpgradeClientVersion string              `json:"upgrade_client_version"`
+		PageViewRegexes      []map[string]string `json:"page_view_regexes"`
+		HttpsRequestRegexes  []map[string]string `json:"https_request_regexes"`
+		EncodedServerList    []string            `json:"encoded_server_list"`
+		ClientRegion         string              `json:"client_region"`
+		ServerTimestamp      string              `json:"server_timestamp"`
 	}
 	err := json.Unmarshal(response, &handshakeResponse)
 	if err != nil {
@@ -243,12 +239,6 @@ func (serverContext *ServerContext) doHandshakeRequest() error {
 
 	serverContext.serverHandshakeTimestamp = handshakeResponse.ServerTimestamp
 
-	if handshakeResponse.ClientVerificationRequired {
-		NoticeClientVerificationRequired(handshakeResponse.ClientVerificationServerNonce,
-			handshakeResponse.ClientVerificationTTLSeconds,
-			handshakeResponse.ClientVerificationResetCache)
-	}
-
 	return nil
 }
 

psiphon/tunnel.go

@@ -871,10 +871,10 @@ func (tunnel *Tunnel) operateTunnel(tunnelOwner TunnelOwner) {
 	go func() {
 		defer requestsWaitGroup.Done()
 
-		clientVerificationPayload := ""
+		clientVerificationRequestFailed := false
 		for {
 			// TODO: use reflect.SelectCase?
-			if clientVerificationPayload == "" {
+			if clientVerificationRequestFailed == false {
 				select {
 				case clientVerificationPayload = <-tunnel.newClientVerificationPayload:
 				case <-signalStopClientVerificationRequests:
@@ -893,7 +893,9 @@ func (tunnel *Tunnel) operateTunnel(tunnelOwner TunnelOwner) {
 				}
 			}
 			if sendClientVerification(tunnel, clientVerificationPayload) {
-				clientVerificationPayload = ""
+				clientVerificationRequestFailed = false
+			} else {
+				clientVerificationRequestFailed = true
 			}
 
 		}