From: Guus Sliepen
Date: Fri, 26 Dec 2014 13:38:01 +0000 (+0100)
Subject: Allow running tinc without RSA keys.
X-Git-Tag: release-1.1pre11~9
X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=880d74ad2d8a6d73c2e94ec54df542b88dc0c6f4;p=tinc

Allow running tinc without RSA keys.

This allows one to run tinc with only Ed25519 keys, forcing tinc to always use the SPTPS protocol.
---
diff --git a/src/net_setup.c b/src/net_setup.c
index a7ed3a89..29f12128 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -277,6 +277,8 @@ static bool read_rsa_private_key(void) {
 	if(!fp) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s", fname, strerror(errno));
+		if(errno == ENOENT)
+			logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA keypair with `tinc -n %s generate-rsa-keys'.", netname ?: ".");
 		free(fname);
 		return false;
 	}
@@ -780,8 +782,14 @@ static bool setup_myself(void) {
 		return false;
 	}
-	if(!read_rsa_private_key())
-		return false;
+	if(!read_rsa_private_key()) {
+		if(experimental) {
+			logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
+		} else {
+			logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
+			return false;
+		}
+	}
 	/* Ensure myport is numeric */
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 47c248db..cd39f28d 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -412,6 +412,11 @@ bool id_h(connection_t *c, const char *request) {
 }
 bool send_metakey(connection_t *c) {
+	if(!myself->connection->rsa) {
+		logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
+		return false;
+	}
+
 	if(!read_rsa_public_key(c))
 		return false;
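Review bot: The added `if(errno == ENOENT)` reads errno after the preceding `logger(...)` call, and the `strerror()`, syslog or stdio work inside that call can overwrite it, so the "generate-rsa-keys" hint may be skipped or printed for the wrong failure. Capture the value first: `int saved_errno = errno;` before the existing logger call, pass `strerror(saved_errno)` to it, and test `if(saved_errno == ENOENT)`. read_rsa_private_key's body starts outside the hunk, so the fopen() that presumably sets errno is not visible here; the fix assumes nothing else runs between it and the logger.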
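Review bot: In the `experimental` branch of setup_myself every failure of `read_rsa_private_key()` is downgraded to "Support for legacy protocol disabled.", including an RSA key file that exists but is unreadable (EACCES) or malformed, which an operator would expect to be fatal rather than a quiet loss of legacy peers; only the file-absent case is the deliberate Ed25519-only configuration. Consider having read_rsa_private_key() report "file absent" separately from "file present but unusable" (for example an out-parameter set only on ENOENT, since errno cannot be trusted at the call site) and keep the hard error for the latter. The "No private keys available" message is also emitted without checking that an Ed25519 key was actually loaded; if that read happens earlier in setup_myself (outside this hunk) this is fine, otherwise the experimental branch could start with no private key at all. setup_myself starts and ends outside the hunk.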
@@ -478,6 +483,9 @@ bool send_metakey(connection_t *c) {
 }
 bool metakey_h(connection_t *c, const char *request) {
+	if(!myself->connection->rsa)
+		return false;
+
 	char hexkey[MAX_STRING_SIZE];
 	int cipher, digest, maclength, compression;
 	const size_t len = rsa_size(myself->connection->rsa);
@@ -560,6 +568,9 @@ bool send_challenge(connection_t *c) {
 }
 bool challenge_h(connection_t *c, const char *request) {
+	if(!myself->connection->rsa)
+		return false;
+
 	char buffer[MAX_STRING_SIZE];
 	const size_t len = rsa_size(myself->connection->rsa);
 	size_t digestlen = digest_length(c->indigest);
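Review bot: The added `if(!myself->connection->rsa) return false;` in metakey_h rejects a legacy peer silently, whereas the equivalent guard in send_metakey logs the peer's name and host; an operator debugging why an older node cannot connect gets no hint from this path. Log before returning, e.g. `logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);`. The guard itself is well placed: it runs before the `rsa_size(myself->connection->rsa)` call and before any of the request is parsed. metakey_h's body continues outside the hunk.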
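Review bot: The guard added to challenge_h protects the `rsa_size(myself->connection->rsa)` call on the following line, but with this commit `myself->connection->rsa` is legitimately NULL for the whole process lifetime, so any other use of it outside the three handlers patched here (if one exists; none is visible in this diff) would now dereference NULL and is worth a grep before merging. As in metakey_h, the early return is silent; a one-line logger call matching the one in send_metakey would make rejected legacy peers visible in the log. challenge_h's body continues outside the hunk.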