From: Guus Sliepen Date: Fri, 24 Apr 2015 21:40:20 +0000 (+0200) Subject: Allow one-sided upgrades to Ed25519. X-Git-Tag: release-1.1pre12~183 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=2059814238320b761fb93608b7f8a114de861302;p=tinc Allow one-sided upgrades to Ed25519. This deals with the case where one node knows the Ed25519 key of another node, but not the other way around. This was blocked by an overly paranoid check in id_h(). The upgrade_h() function already handled this case, and the node that already knows the other's Ed25519 key checks that it has not been changed, otherwise the connection will be aborted. --- diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 0882ddfc..2262fbb2 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -386,7 +386,7 @@ bool id_h(connection_t *c, const char *request) { /* Forbid version rollback for nodes whose Ed25519 key we know */ - if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) { + if(ecdsa_active(c->ecdsa) && c->protocol_minor < 1) { logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d", c->name, c->hostname, c->protocol_major, c->protocol_minor); return false; @@ -780,6 +780,8 @@ static bool upgrade_h(connection_t *c, const char *request) { logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname); append_config_file(c->name, "Ed25519PublicKey", pubkey); c->allow_request = TERMREQ; + if(c->outgoing) + c->outgoing->timeout = 0; return send_termreq(c); }