Allow tinc to be compiled without OpenSSL.

[tinc] / src / protocol_key.c

diff --git a/src/protocol_key.c b/src/protocol_key.c
index abde777..cfa2f53 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -87,7 +87,7 @@ bool key_changed_h(connection_t *c, const char *request) {
        return true;
 }
 
-static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
+static bool send_initial_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
        node_t *to = handle;
        to->sptps.send_data = send_sptps_data;
        char buf[len * 4 / 3 + 5];
@@ -255,6 +255,7 @@ bool req_key_h(connection_t *c, const char *request) {
                        return true;
                }
 
+               /* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */
                send_request(to->nexthop->connection, "%s", request);
        }
 
@@ -265,6 +266,9 @@ bool send_ans_key(node_t *to) {
        if(to->status.sptps)
                abort();
 
+#ifdef DISABLE_LEGACY
+       return false;
+#else
        size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
        char key[keylen * 2 + 1];
 
@@ -305,6 +309,7 @@ bool send_ans_key(node_t *to) {
                                                digest_get_nid(to->indigest),
                                                (int)digest_length(to->indigest),
                                                to->incompression);
+#endif
 }
 
 bool ans_key_h(connection_t *c, const char *request) {
@@ -370,9 +375,11 @@ bool ans_key_h(connection_t *c, const char *request) {
                return send_request(to->nexthop->connection, "%s", request);
        }
 
+#ifndef DISABLE_LEGACY
        /* Don't use key material until every check has passed. */
        cipher_close(from->outcipher);
        digest_close(from->outdigest);
+#endif
        from->status.validkey = false;
 
        if(compression < 0 || compression > 11) {
@@ -398,13 +405,19 @@ bool ans_key_h(connection_t *c, const char *request) {
                                update_node_udp(from, &sa);
                        }
 
-                       if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
+                       /* Don't send probes if we can't send UDP packets directly to that node.
+                          TODO: the indirect (via) condition can change at any time as edges are added and removed, so this should probably be moved to graph.c. */
+                       if((from->via == myself || from->via == from) && from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
                                send_mtu_probe(from);
                }
 
                return true;
        }
 
+#ifdef DISABLE_LEGACY
+       logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%) uses legacy protocol!", from->name, from->hostname);
+       return false;
+#else
        /* Check and lookup cipher and digest algorithms */
 
        if(cipher) {
@@ -459,4 +472,5 @@ bool ans_key_h(connection_t *c, const char *request) {
                send_mtu_probe(from);
 
        return true;
+#endif
 }