From: Guus Sliepen
Date: Fri, 24 Apr 2015 21:40:20 +0000 (+0200)
Subject: Allow one-sided upgrades to Ed25519.
X-Git-Tag: release-1.1pre12~183
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=2059814238320b761fb93608b7f8a114de861302
Allow one-sided upgrades to Ed25519.
This deals with the case where one node knows the Ed25519 key of another node, but not the other way around. This was blocked by an overly paranoid check in id_h(). The upgrade_h() function already handled this case, and the node that already knows the other's Ed25519 key checks that it has not been changed, otherwise the connection will be aborted.
---
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 0882ddfc..2262fbb2 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -386,7 +386,7 @@ bool id_h(connection_t *c, const char *request) {
 /* Forbid version rollback for nodes whose Ed25519 key we know */
- if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
+ if(ecdsa_active(c->ecdsa) && c->protocol_minor < 1) {
 logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d", c->name, c->hostname, c->protocol_major, c->protocol_minor);
 return false;
@@ -780,6 +780,8 @@ static bool upgrade_h(connection_t *c, const char *request) {
 logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
 append_config_file(c->name, "Ed25519PublicKey", pubkey);
 c->allow_request = TERMREQ;
+ if(c->outgoing)
+ c->outgoing->timeout = 0;
 return send_termreq(c);
 }
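Review bot: The comment kept above the changed condition in id_h(), `/* Forbid version rollback for nodes whose Ed25519 key we know */`, no longer matches what `c->protocol_minor < 1` enforces. A peer whose Ed25519 key is known is now accepted when it announces minor version 1, and only minor 0 is refused. Because this deliberately relaxes a downgrade guard, the comment should name the exception and point at the compensating check the commit message describes, for example `/* Refuse minor 0 from nodes whose Ed25519 key we know; minor 1 stays allowed so a peer that lacks our key can still upgrade, see upgrade_h() */`. It would also help operators if the accepted case were logged, so that a known-key peer that keeps connecting below minor 2 is visible rather than silent. The accepting path is not in this hunk, and id_h's body starts and ends outside it.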
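Review bot: The two added lines in upgrade_h(), `if(c->outgoing)` and `c->outgoing->timeout = 0;`, carry no comment, and nothing in the hunk says why the timeout is cleared right before `send_termreq(c)`. Presumably it resets the reconnect back-off so the outgoing connection is retried at once and the next handshake can use the Ed25519 key that was just appended to the host file. If that is the intent, state it, e.g. `/* Retry the outgoing connection immediately so the next handshake uses the new Ed25519 key */`. The unbraced `if` is also worth bracing, since a second statement added under it later would run unconditionally. The start of upgrade_h's body is outside the hunk.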