From 1a1255d5570b794d5d581e991a3c53ced6fc9d0b Mon Sep 17 00:00:00 2001
From: JackDoan
Date: Thu, 2 Oct 2025 12:29:56 -0500
Subject: [PATCH] make tryRehandshake easier to understand
---
 connection_manager.go | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/connection_manager.go b/connection_manager.go
index b675213..4c2f26e 100644
--- a/connection_manager.go
+++ b/connection_manager.go
@@ -561,14 +561,20 @@ func (cm *connectionManager) tryRehandshake(hostinfo *HostInfo) {
 return
 }
 }
- if curCrtVersion >= cs.initiatingVersion && bytes.Equal(curCrt.Signature(), myCrt.Signature()) == true {
- // The current tunnel is using the latest certificate and version, no need to rehandshake.
+ if !bytes.Equal(curCrt.Signature(), myCrt.Signature()) {
+ cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
+ WithField("reason", "local certificate is not current").
+ Info("Re-handshaking with remote")
+
+ cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
 return
 }
+ if curCrtVersion < cs.initiatingVersion {
+ cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
+ WithField("reason", "current cert version < pki.initiatingVersion").
+ Info("Re-handshaking with remote")
 
- cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
- WithField("reason", "local certificate is not current").
- Info("Re-handshaking with remote")
-
- cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
+ cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
+ return
+ }
 }
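Review bot: The two new branches at the end of tryRehandshake repeat the same log-and-`StartHandshake(hostinfo.vpnAddrs[0], nil)` sequence and differ only in the `reason` string, so any later change to how a re-handshake is triggered has to be made in both places; missing one would leave tunnels on a stale certificate or version for that trigger only. Picking the reason first and keeping a single call site preserves the per-cause logging and gives the removed "no need to rehandshake" comment a home in the default arm. The trailing `return` in the second branch is redundant as written, since the function ends immediately after it. The function begins above this hunk, so whether `hostinfo.vpnAddrs` is guaranteed non-empty before the `[0]` index cannot be confirmed from the visible lines.

```go
	// … unchanged: lookup of curCrt / curCrtVersion / myCrt above …
	var reason string
	switch {
	case !bytes.Equal(curCrt.Signature(), myCrt.Signature()):
		reason = "local certificate is not current"
	case curCrtVersion < cs.initiatingVersion:
		reason = "current cert version < pki.initiatingVersion"
	default:
		// The current tunnel is using the latest certificate and version, no need to rehandshake.
		return
	}

	cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
		WithField("reason", reason).
		Info("Re-handshaking with remote")

	cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
```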