X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=5782a97c7d48f3e2ae864a103b177799c8c3f761;hb=148a4c9161735a76b0a4ce73ffaaec21d76ca702;hp=778c607b2ba74f9fb9683b2df3414a375ac41e83;hpb=bfce56d473e1e01a8af0260262ca84f09154e71f;p=tinc

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 778c607b..5782a97c 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -379,13 +379,13 @@ bool id_h(connection_t *c, const char *request) {
 		}
 
 		if(experimental)
-			if(!read_ecdsa_public_key(c))
-				return false;
-	} else {
-		if(c->protocol_minor && !ecdsa_active(c->ecdsa))
-			c->protocol_minor = 1;
+			read_ecdsa_public_key(c);
+			/* Ignore failures if no key known yet */
 	}
 
+	if(c->protocol_minor && !ecdsa_active(c->ecdsa))
+		c->protocol_minor = 1;
+
 	/* Forbid version rollback for nodes whose Ed25519 key we know */
 
 	if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
@@ -730,6 +730,12 @@ static bool upgrade_h(connection_t *c, const char *request) {
 		return false;
 	}
 
+	c->ecdsa = ecdsa_set_base64_public_key(pubkey);
+	if(!c->ecdsa) {
+		logger(DEBUG_ALWAYS, LOG_INFO, "Got bad Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
+		return false;
+	}
+
 	logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
 	append_config_file(c->name, "Ed25519PublicKey", pubkey);
 	c->allow_request = TERMREQ;
@@ -805,7 +811,6 @@ bool ack_h(connection_t *c, const char *request) {
 	/* Activate this connection */
 
 	c->allow_request = ALL;
-	c->status.active = true;
 
 	logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection with %s (%s) activated", c->name,
 			   c->hostname);