Try handling the case when the first side knows the ecdsa key of
authorSven-Haegar Koch <haegar@sdinet.de>
Fri, 5 Dec 2014 02:06:44 +0000 (03:06 +0100)
committerGuus Sliepen <guus@tinc-vpn.org>
Sun, 7 Dec 2014 17:05:14 +0000 (18:05 +0100)
the second, but the second not the key of the first.
(And both have the experimental protocol enabled)

src/protocol_auth.c

index be90d92..5782a97 100644 (file)
@@ -381,11 +381,11 @@ bool id_h(connection_t *c, const char *request) {
                if(experimental)
                        read_ecdsa_public_key(c);
                        /* Ignore failures if no key known yet */
-       } else {
-               if(c->protocol_minor && !ecdsa_active(c->ecdsa))
-                       c->protocol_minor = 1;
        }
 
+       if(c->protocol_minor && !ecdsa_active(c->ecdsa))
+               c->protocol_minor = 1;
+
        /* Forbid version rollback for nodes whose Ed25519 key we know */
 
        if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
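Review bot: The fallback at `if(c->protocol_minor && !ecdsa_active(c->ecdsa))` now runs on every path, so any failure of `read_ecdsa_public_key(c)`, not only "no key known yet", ends in `c->protocol_minor = 1`. The rollback check right below cannot catch this, because it is gated on `ecdsa_active(c->ecdsa)`. If the key loader can also fail on an unreadable or malformed key file (its body is not visible here), a peer whose key is on disk would quietly be handled at minor 1 instead of being held to the rollback rule. I would log the downgrade at this site and add a comment such as `/* Peer's key is not loaded: drop to minor 1; the rollback check below only applies once a key is active */`. `id_h` begins and ends outside the hunk, so whether the two failure cases are told apart elsewhere cannot be confirmed from these lines.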