j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Enable the SPTPS protocol by default.

Browse source
This commit is contained in:
Guus Sliepen 2013-05-10 21:11:45 +02:00
parent ee34ac3d61
commit c83c2d080f
4 changed files with 7 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/tinc.conf.5.in
View file

@ -274,14 +274,12 @@ The file in which the private ECDSA key of this tinc daemon resides.
This is only used if
.Va ExperimentalProtocol
is enabled.
.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental
When this option is enabled, experimental protocol enhancements will be used.
.It Va ExperimentalProtocol Li = yes | no Pq yes
When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with
.Nm tinc generate-ecdsa-keys .
The experimental protocol may change at any time,
and there is no guarantee that tinc will run stable when it is used.
.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
This option selects the way indirect packets are forwarded.
.Bl -tag -width indent

6
doc/tinc.texi
View file

@ -1002,14 +1002,12 @@ The file in which the private ECDSA key of this tinc daemon resides.
This is only used if ExperimentalProtocol is enabled.
@cindex ExperimentalProtocol
@item ExperimentalProtocol = <yes|no> (no) [experimental]
When this option is enabled, experimental protocol enhancements will be used.
@item ExperimentalProtocol = <yes|no> (yes)
When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with
@samp{tinc generate-ecdsa-keys}.
The experimental protocol may change at any time,
and there is no guarantee that tinc will run stable when it is used.
@cindex Forwarding
@item Forwarding = <off|internal|kernel> (internal) [experimental]

2
src/net_setup.c
View file

@ -192,6 +192,8 @@ static bool read_ecdsa_private_key(void) {
if(!fp) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
if(errno == ENOENT)
logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: ".");
free(fname);
return false;
}

2
src/protocol.c
View file

@ -30,7 +30,7 @@
bool tunnelserver = false;
bool strictsubnets = false;
bool experimental = false;
bool experimental = true;
/* Jumptable for the request handlers */