X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=84aece0fdfd489d3142f97d8dd2042f2e413e9fd;hb=9d48d5b7d48ad23e23eae02feae69bdc5ae80c8e;hp=be90d92bfe5a619ddcb01a915bfc72101cf0d55f;hpb=660a2c7d1bf7f5fba905b525bc7c3b9a5ac2ec99;p=tinc

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index be90d92b..84aece0f 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -381,11 +381,11 @@ bool id_h(connection_t *c, const char *request) {
 		if(experimental)
 			read_ecdsa_public_key(c);
 			/* Ignore failures if no key known yet */
-	} else {
-		if(c->protocol_minor && !ecdsa_active(c->ecdsa))
-			c->protocol_minor = 1;
 	}
 
+	if(c->protocol_minor && !ecdsa_active(c->ecdsa))
+		c->protocol_minor = 1;
+
 	/* Forbid version rollback for nodes whose Ed25519 key we know */
 
 	if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
@@ -726,8 +726,16 @@ static bool upgrade_h(connection_t *c, const char *request) {
 	}
 
 	if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
-		logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
-		return false;
+		char *knownkey = ecdsa_get_base64_public_key(c->ecdsa);
+		bool different = strcmp(knownkey, pubkey);
+		free(knownkey);
+		if(different) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "Already have an Ed25519 public key from %s (%s) which is different from the one presented now!", c->name, c->hostname);
+			return false;
+		}
+		logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), ignoring.", c->name, c->hostname);
+		c->allow_request = TERMREQ;
+		return send_termreq(c);
 	}
 
 	c->ecdsa = ecdsa_set_base64_public_key(pubkey);