From 2059814238320b761fb93608b7f8a114de861302 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Fri, 24 Apr 2015 23:40:20 +0200
Subject: [PATCH] Allow one-sided upgrades to Ed25519.

This deals with the case where one node knows the Ed25519 key of another node, but not the other way around. This was blocked by an overly paranoid check in id_h(). The upgrade_h() function already handled this case, and the node that already knows the other's Ed25519 key checks that it has not been changed, otherwise the connection will be aborted.
---
 src/protocol_auth.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 0882ddf..2262fbb 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -386,7 +386,7 @@ bool id_h(connection_t *c, const char *request) {
 /* Forbid version rollback for nodes whose Ed25519 key we know */
- if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
+ if(ecdsa_active(c->ecdsa) && c->protocol_minor < 1) {
 logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d", c->name, c->hostname, c->protocol_major, c->protocol_minor);
 return false;
@@ -780,6 +780,8 @@ static bool upgrade_h(connection_t *c, const char *request) {
 logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
 append_config_file(c->name, "Ed25519PublicKey", pubkey);
 c->allow_request = TERMREQ;
+ if(c->outgoing)
+ c->outgoing->timeout = 0;
 return send_termreq(c);
 }
--
2.25.1
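Review bot: Lowering the bound to `c->protocol_minor < 1` means a peer whose Ed25519 key is already on file is now accepted when it announces minor 1, so the comment above the check no longer describes what is enforced: only a rollback to minor 0 is refused. The commit message relies on upgrade_h() to detect a changed key, which is not visible in this hunk, so the comment should name that dependency, e.g. `/* Forbid rollback to minor 0 for nodes whose Ed25519 key we know; minor 1 is allowed for one-sided upgrades and relies on upgrade_h() rejecting a changed key */`. Since the minor version appears to be taken from the peer's request, it would also help to log at a visible level whenever a known-key peer is admitted with minor 1, so that an unexpected fallback to the legacy handshake shows up in the logs. id_h's body starts and ends outside the hunk.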
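Review bot: The added `c->outgoing->timeout = 0;` is set regardless of whether the key was actually stored: the `append_config_file()` call two lines above has its result ignored, so if that write can fail the node would presumably reconnect at once, go through the same upgrade path and repeat without backoff. Consider resetting the timeout only when the key was saved, e.g. `if(c->outgoing && saved) c->outgoing->timeout = 0;` with `saved` taken from the append call, assuming it reports success. A one-line comment such as `/* Key stored: retry immediately instead of waiting out the backoff */` would also explain why the timeout is cleared here. upgrade_h begins before the hunk.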