Fix check for presence of ECDSA public key for outgoing connections.

At this point, c->config_tree may or may not be NULL, but this does not tell us whether it is an
outgoing connection or not. For incoming connections, we do not know the peer's name yet,
so we always have to claim ECDSA support. For outgoing connections, we always need to check
whether we have the peer's ECDSA public key, so that if we don't, we correctly tell the peer that
we want to upgrade.

diff --git a/src/net_setup.c b/src/net_setup.c
index 6b55521b600b78b6c7995f4ea21d4bd25cc900a3..34d8980e55a771acd13d2472eacca699e8d0c879 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -110,6 +110,12 @@ bool read_ecdsa_public_key(connection_t *c) {
        char *fname;
        char *p;
 
+       if(!c->config_tree) {
+               init_configuration(&c->config_tree);
+               if(!read_host_config(c->config_tree, c->name))
+                       return false;
+       }
+
        /* First, check for simple ECDSAPublicKey statement */
 
        if(get_config_string(lookup_config(c->config_tree, "ECDSAPublicKey"), &p)) {

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index a4e3b24fb7791a01b8ad4534e9da686b57f515d7..f030b86bd1a43fbc45da8c723411eb148e25d5de 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -133,7 +133,7 @@ bool send_id(connection_t *c) {
        int minor = 0;
 
        if(experimental) {
-               if(c->config_tree && !read_ecdsa_public_key(c))
+               if(c->outgoing && !read_ecdsa_public_key(c))
                        minor = 1;
                else
                        minor = myself->connection->protocol_minor;