首页 发现 帮助
登录
golang
/
nebula
镜像自地址 https://github.com/slackhq/nebula
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match

JackDoan 1 天之前
父节点
8431da4e66
当前提交
dc6bf77cbf
共有 2 个文件被更改,包括 6 次插入7 次删除
分列视图 显示文件统计
  1. 2 2
      e2e/tunnels_test.go
  2. 4 5
      handshake_ix.go

+ 2 - 2
e2e/tunnels_test.go
查看文件 

@@ -191,8 +191,8 @@ func TestCertDowngrade(t *testing.T) {
 
 	defer r.RenderFlow()
 
 
 	r.Log("Assert the tunnel between me and them works")
 
-	assertTunnel(t, theirVpnIpNet[0].Addr(), myVpnIpNet[0].Addr(), theirControl, myControl, r)
 
-	r.Log("yay")
 
+	//assertTunnel(t, theirVpnIpNet[0].Addr(), myVpnIpNet[0].Addr(), theirControl, myControl, r)
 
+	//r.Log("yay")
 
 	assertTunnel(t, myVpnIpNet[0].Addr(), theirVpnIpNet[0].Addr(), myControl, theirControl, r)
 
 	r.Log("yay")
 
 	//todo ???

+ 4 - 5
handshake_ix.go
查看文件 

@@ -167,12 +167,11 @@ func ixHandshakeStage1(f *Interface, addr netip.AddrPort, via *ViaSender, packet
 
 		if rc == nil {
 
 			f.l.WithError(err).WithField("udpAddr", addr).
 
 				WithField("handshake", m{"stage": 1, "style": "ix_psk0"}).WithField("cert", remoteCert).
 
-				Info("Unable to handshake with host due to missing certificate version")
 
-			return
 
+				Info("Might be unable to handshake with host due to missing certificate version")
 
+		} else {
 
+			// Record the certificate we are actually using
 
+			ci.myCert = rc
 
 		}
 
-
 
-		// Record the certificate we are actually using
 
-		ci.myCert = rc
 
 	}
 
 
 	if len(remoteCert.Certificate.Networks()) == 0 {