Allow running tinc without RSA keys.

This allows one to run tinc with only Ed25519 keys, forcing tinc to
always use the SPTPS protocol.

src/net_setup.c

@@ -277,6 +277,8 @@ static bool read_rsa_private_key(void) {
 	if(!fp) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
 			   fname, strerror(errno));
+		if(errno == ENOENT)
+			logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA keypair with `tinc -n %s generate-rsa-keys'.", netname ?: ".");
 		free(fname);
 		return false;
 	}
@@ -780,8 +782,14 @@ static bool setup_myself(void) {
 			return false;
 	}
 
-	if(!read_rsa_private_key())
-		return false;
+	if(!read_rsa_private_key()) {
+		if(experimental) {
+			logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
+		} else {
+			logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
+			return false;
+		}
+	}
 
 	/* Ensure myport is numeric */
 

src/protocol_auth.c

@@ -412,6 +412,11 @@ bool id_h(connection_t *c, const char *request) {
 }
 
 bool send_metakey(connection_t *c) {
+	if(!myself->connection->rsa) {
+		logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
+		return false;
+	}
+
 	if(!read_rsa_public_key(c))
 		return false;
 
@@ -478,6 +483,9 @@ bool send_metakey(connection_t *c) {
 }
 
 bool metakey_h(connection_t *c, const char *request) {
+	if(!myself->connection->rsa)
+		return false;
+
 	char hexkey[MAX_STRING_SIZE];
 	int cipher, digest, maclength, compression;
 	const size_t len = rsa_size(myself->connection->rsa);
@@ -560,6 +568,9 @@ bool send_challenge(connection_t *c) {
 }
 
 bool challenge_h(connection_t *c, const char *request) {
+	if(!myself->connection->rsa)
+		return false;
+
 	char buffer[MAX_STRING_SIZE];
 	const size_t len = rsa_size(myself->connection->rsa);
 	size_t digestlen = digest_length(c->indigest);