Allow one-sided upgrades to Ed25519.
This deals with the case where one node knows the Ed25519 key of another node, but not the other way around. This was blocked by an overly paranoid check in id_h(). The upgrade_h() function already handled this case, and the node that already knows the other's Ed25519 key checks that it has not been changed, otherwise the connection will be aborted.
This commit is contained in:
Guus Sliepen
parent
3def9d2ad8
commit
2059814238
1 changed files with 3 additions and 1 deletions
|
|
@ -386,7 +386,7 @@ bool id_h(connection_t *c, const char *request) {
|
|||
|
||||
/* Forbid version rollback for nodes whose Ed25519 key we know */
|
||||
|
||||
if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
|
||||
if(ecdsa_active(c->ecdsa) && c->protocol_minor < 1) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",
|
||||
c->name, c->hostname, c->protocol_major, c->protocol_minor);
|
||||
return false;
|
||||
|
|
@ -780,6 +780,8 @@ static bool upgrade_h(connection_t *c, const char *request) {
|
|||
logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
|
||||
append_config_file(c->name, "Ed25519PublicKey", pubkey);
|
||||
c->allow_request = TERMREQ;
|
||||
if(c->outgoing)
|
||||
c->outgoing->timeout = 0;
|
||||
return send_termreq(c);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue