From c83c2d080f21b12db42ef664d7c3272b8b700656 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 10 May 2013 21:11:45 +0200 Subject: [PATCH] Enable the SPTPS protocol by default. --- doc/tinc.conf.5.in | 6 ++---- doc/tinc.texi | 6 ++---- src/net_setup.c | 2 ++ src/protocol.c | 2 +- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 1cca366..89ef739 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -274,14 +274,12 @@ The file in which the private ECDSA key of this tinc daemon resides. This is only used if .Va ExperimentalProtocol is enabled. -.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental -When this option is enabled, experimental protocol enhancements will be used. +.It Va ExperimentalProtocol Li = yes | no Pq yes +When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it. Ephemeral ECDH will be used for key exchanges, and ECDSA will be used instead of RSA for authentication. When enabled, an ECDSA key must have been generated before with .Nm tinc generate-ecdsa-keys . -The experimental protocol may change at any time, -and there is no guarantee that tinc will run stable when it is used. .It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental This option selects the way indirect packets are forwarded. .Bl -tag -width indent diff --git a/doc/tinc.texi b/doc/tinc.texi index e1af55c..fc94b0a 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -1002,14 +1002,12 @@ The file in which the private ECDSA key of this tinc daemon resides. This is only used if ExperimentalProtocol is enabled. @cindex ExperimentalProtocol -@item ExperimentalProtocol = (no) [experimental] -When this option is enabled, experimental protocol enhancements will be used. +@item ExperimentalProtocol = (yes) +When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it. Ephemeral ECDH will be used for key exchanges, and ECDSA will be used instead of RSA for authentication. When enabled, an ECDSA key must have been generated before with @samp{tinc generate-ecdsa-keys}. -The experimental protocol may change at any time, -and there is no guarantee that tinc will run stable when it is used. @cindex Forwarding @item Forwarding = (internal) [experimental] diff --git a/src/net_setup.c b/src/net_setup.c index a9947aa..6b55521 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -192,6 +192,8 @@ static bool read_ecdsa_private_key(void) { if(!fp) { logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno)); + if(errno == ENOENT) + logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: "."); free(fname); return false; } diff --git a/src/protocol.c b/src/protocol.c index ad0fa8d..d166305 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -30,7 +30,7 @@ bool tunnelserver = false; bool strictsubnets = false; -bool experimental = false; +bool experimental = true; /* Jumptable for the request handlers */ -- 2.25.1
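Review bot: The added `if(errno == ENOENT)` in the `!fp` branch of read_ecdsa_private_key() reads `errno` after the preceding `logger()` call, and whatever that call does internally (formatting, writing to a log file or syslog) may overwrite it, so the hint can be skipped or printed for the wrong failure. Save the value once right after the failed open with `int err = errno;`, then use `strerror(err)` in the existing message and `if(err == ENOENT)` for the hint. logger() is not visible in this patch, so whether it preserves errno today is unconfirmed; saving the value makes the branch independent of that. The function's body starts and ends outside the hunk.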
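Review bot: With `bool experimental = true;` every installation that does not set ExperimentalProtocol now takes the SPTPS path, and the documentation in this commit says an ECDSA key must already have been generated, so a node upgraded without one will presumably reach the ENOENT branch added in src/net_setup.c. Whether the daemon then refuses to start or carries on with the legacy protocol is decided in the caller, which this patch does not show, and should be confirmed and stated in the release notes. The docs also say SPTPS is used only with peers that support it, which suggests the legacy handshake stays reachable; if so, the new default does not by itself prevent a peer from being negotiated down to it, and that is worth stating next to the option. The variable name no longer matches the documentation, so a comment on the declaration such as `/* SPTPS is on by default; ExperimentalProtocol = no disables it */` would help the next reader.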