X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=abde7772c40aedcd8f8dcb050ae3755b354cba01;hb=f57d53c3ad9af89489e15a8cfd94b56937bf3179;hp=e838f6135578ea8d8dcd3db2dcd6fe14e89e1bc9;hpb=b0d80c7f28528c2c8857c5662b4aca779b3184bb;p=tinc
diff --git a/src/protocol_key.c b/src/protocol_key.c
index e838f613..abde7772 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -41,7 +41,7 @@ void send_key_changed(void) {
 /* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
 for list_each(connection_t, c, connection_list)
- if(c->status.active && c->node && c->node->status.reachable && !c->node->status.sptps)
+ if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps)
 send_ans_key(c->node);
 /* Force key exchange for connections using SPTPS */
@@ -124,6 +124,11 @@ bool send_req_key(node_t *to) {
 static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, int reqno) {
 switch(reqno) {
 case REQ_PUBKEY: {
+ if(!node_read_ecdsa_public_key(from)) {
+ /* Request their key *before* we send our key back. Otherwise the first SPTPS packet from them will get dropped. */
+ logger(DEBUG_PROTOCOL, LOG_DEBUG, "Preemptively requesting Ed25519 key for %s (%s)", from->name, from->hostname);
+ send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
+ }
 char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
 send_request(from->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, from->name, ANS_PUBKEY, pubkey);
 free(pubkey);
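Review bot: The new gate `c->edge` in the `send_key_changed` loop has no comment saying what a non-NULL edge guarantees, yet this condition decides which connections are sent a key by `send_ans_key`. A line above the test such as `/* c->edge: connection has completed activation (confirm against where edge is assigned) */` would let a reader check that keys only go to fully established peers. The `for`/`if` pair is also unbraced, so a statement added under the `if` later would silently fall outside it; braces on both would prevent that. The enclosing function starts above the hunk and continues below it.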
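Review bot: The preemptive request in the `REQ_PUBKEY` case fires on every incoming REQ_PUBKEY for which `node_read_ecdsa_public_key(from)` fails, and nothing visible in the hunk records that a request is already outstanding. A peer that repeats REQ_PUBKEY therefore costs this node a key lookup, a debug log line and two outbound messages each time; if the node tracks pending key requests elsewhere, that state should gate the new block. The return value of the added `send_request(...)` is also discarded, so a failed send looks the same as success here. I would extend the comment to point at where the solicited key is validated, e.g. `/* Reply arrives as ANS_PUBKEY; see <handler> for how the key is trusted. */` (handler name is a placeholder), since that handling is outside the hunk. The function body continues past the last line shown.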