X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=48ba204861661e43e1815597b77b858b9a1cf2b8;hb=91937812bdfe74699e4f7cdf86265d07423acbba;hp=98b934cb85bef9037086328beca097206426e173;hpb=153abaa4d940bf2bc9bd7275d5efe5c01c354190;p=meshlink

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 98b934cb..48ba2048 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -47,7 +47,7 @@ void send_key_changed(void) {
 	for(node = connection_tree->head; node; node = node->next) {
 		c = node->data;
 		if(c->status.active && c->node && c->node->status.reachable) {
-			if(!experimental || OPTION_VERSION(c->node->options) < 2)
+			if(!c->node->status.sptps)
 				send_ans_key(c->node);
 		}
 	}
@@ -57,7 +57,7 @@ void send_key_changed(void) {
 	if(experimental) {
 		for(node = node_tree->head; node; node = node->next) {
 			node_t *n = node->data;
-			if(n->status.reachable && n->status.validkey && OPTION_VERSION(n->options) >= 2)
+			if(n->status.reachable && n->status.validkey && n->status.sptps)
 				sptps_force_kex(&n->sptps);
 		}
 	}
@@ -84,7 +84,7 @@ bool key_changed_h(connection_t *c, const char *request) {
 		return true;
 	}
 
-	if(OPTION_VERSION(n->options) < 2) {
+	if(!n->status.sptps) {
 		n->status.validkey = false;
 		n->last_req_key = 0;
 	}
@@ -106,7 +106,7 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data
 }
 
 bool send_req_key(node_t *to) {
-	if(experimental && OPTION_VERSION(to->options) >= 2) {
+	if(to->status.sptps) {
 		if(!node_read_ecdsa_public_key(to)) {
 			logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname);
 			send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
@@ -114,6 +114,8 @@ bool send_req_key(node_t *to) {
 		}
                 char label[25 + strlen(myself->name) + strlen(to->name)];
 		snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
+		sptps_stop(&to->sptps);
+		to->status.validkey = false;
 		return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record); 
 	}
 
@@ -167,6 +169,8 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
 
 			char label[25 + strlen(from->name) + strlen(myself->name)];
 			snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
+			sptps_stop(&from->sptps);
+			from->status.validkey = false;
 			sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data, receive_sptps_record); 
 			sptps_receive_data(&from->sptps, buf, len);
 			return true;
@@ -213,10 +217,12 @@ bool req_key_h(connection_t *c, const char *request) {
 
 	/* Check if this key request is for us */
 
-	if(to == myself) {			/* Yes, send our own key back */
+	if(to == myself) {			/* Yes */
+		/* Is this an extended REQ_KEY message? */
 		if(experimental && reqno)
 			return req_key_ext_h(c, request, from, reqno);
 
+		/* No, just send our key back */
 		send_ans_key(from);
 	} else {
 		if(tunnelserver)
@@ -235,7 +241,7 @@ bool req_key_h(connection_t *c, const char *request) {
 }
 
 bool send_ans_key(node_t *to) {
-	if(experimental && OPTION_VERSION(to->options) >= 2)
+	if(to->status.sptps)
 		abort();
 
 	size_t keylen = cipher_keylength(&myself->incipher);
@@ -329,7 +335,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 
 	/* SPTPS or old-style key exchange? */
 
-	if(experimental && OPTION_VERSION(from->options) >= 2) {
+	if(from->status.sptps) {
 		char buf[strlen(key)];
 		int len = b64decode(key, buf, strlen(key));