From 3124c921e7af15548b8b16d5f239bfdcd178b2ca Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 11 Sep 2017 10:00:11 -0400
Subject: Split the behavior of node_supports_ed25519_link_authentication().

Before, this function meant "can we connect to this node and
authenticate it using its ed25519 key?"  Now it can additionally
mean, "when somebody else connects to this node, do we expect that
they can authenticate using the node's ed25519 key"?

This change lets us future-proof our link authentication a bit.

Closes ticket 20895.  No backport needed, since ed25519 link
authentication support has not been in any LTS release yet, and
existing releases with it should be obsolete before any releases
without support for linkauth=3 are released.
---
 src/or/connection_or.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/or/connection_or.c')

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index d890b58da6..29c1166b3c 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -886,7 +886,7 @@ connection_or_check_canonicity(or_connection_t *conn, int started_here)
 
   const node_t *r = node_get_by_id(id_digest);
   if (r &&
-      node_supports_ed25519_link_authentication(r) &&
+      node_supports_ed25519_link_authentication(r, 1) &&
       ! node_ed25519_id_matches(r, ed_id)) {
     /* If this node is capable of proving an ed25519 ID,
      * we can't call this a canonical connection unless both IDs match. */
-- 
cgit v1.2.3-54-g00ecf