From 6062df4a0fa6214d21ac83d885087e9dbdac3f39 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Sun, 7 Dec 2014 21:42:20 +0100
Subject: [PATCH] Better log messages when we already know the peer's key during an upgrade.

If the peer presents a different one from the one we already know, log an error. Otherwise, log an informational message, and terminate in the same way as we would if we didn't already have that key.
---
 src/protocol_auth.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 5782a97c..84aece0f 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -726,8 +726,16 @@ static bool upgrade_h(connection_t *c, const char *request) {
 }
 
 if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
- return false;
+ char *knownkey = ecdsa_get_base64_public_key(c->ecdsa);
+ bool different = strcmp(knownkey, pubkey);
+ free(knownkey);
+ if(different) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Already have an Ed25519 public key from %s (%s) which is different from the one presented now!", c->name, c->hostname);
+ return false;
+ }
+ logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), ignoring.", c->name, c->hostname);
+ c->allow_request = TERMREQ;
+ return send_termreq(c);
 }
 
 c->ecdsa = ecdsa_set_base64_public_key(pubkey);
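Review bot: `knownkey` goes straight into strcmp() with no NULL check; ecdsa_get_base64_public_key() is not visible in this hunk, so if it can fail (allocation or key export), the comparison dereferences NULL — guard it and treat a failed export as a plain refusal to upgrade (`return false;` after logging) rather than as a key mismatch, so the LOG_ERR "different key" message stays meaningful for anyone monitoring it. Relatedly, `bool different = strcmp(knownkey, pubkey);` leans on int-to-bool conversion; `bool different = strcmp(knownkey, pubkey) != 0;` states the intent. Note also that the check compares base64 text rather than decoded key bytes, so a non-canonical encoding of the same key would be reported as different; that fails closed, which is the safe direction, but worth a one-line comment so nobody "fixes" it into a looser check. upgrade_h starts before this hunk and continues after it.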