personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-11-22 00:15:37 +01:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match

Browse Source
This commit is contained in:
JackDoan
2025-09-10 12:47:39 -05:00
parent d2d3e21780
commit 0946831f88
2 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
e2e/tunnels_test.go
View File

@@ -191,8 +191,8 @@ func TestCertDowngrade(t *testing.T) {
defer r.RenderFlow()
r.Log("Assert the tunnel between me and them works")
assertTunnel(t, theirVpnIpNet[0].Addr(), myVpnIpNet[0].Addr(), theirControl, myControl, r)
r.Log("yay")
//assertTunnel(t, theirVpnIpNet[0].Addr(), myVpnIpNet[0].Addr(), theirControl, myControl, r)
//r.Log("yay")
assertTunnel(t, myVpnIpNet[0].Addr(), theirVpnIpNet[0].Addr(), myControl, theirControl, r)
r.Log("yay")
//todo ???

9
handshake_ix.go
View File

@@ -167,12 +167,11 @@ func ixHandshakeStage1(f *Interface, addr netip.AddrPort, via *ViaSender, packet
if rc == nil {
f.l.WithError(err).WithField("udpAddr", addr).
WithField("handshake", m{"stage": 1, "style": "ix_psk0"}).WithField("cert", remoteCert).
Info("Unable to handshake with host due to missing certificate version")
return
Info("Might be unable to handshake with host due to missing certificate version")
} else {
// Record the certificate we are actually using
ci.myCert = rc
}
// Record the certificate we are actually using
ci.myCert = rc
}
if len(remoteCert.Certificate.Networks()) == 0 {