make tryRehandshake easier to understand

JackDoan
2025-10-02 12:29:56 -05:00
parent 32649de665
commit 1a1255d557


@@ -561,14 +561,20 @@ func (cm *connectionManager) tryRehandshake(hostinfo *HostInfo) {
return return
} }
} }
if curCrtVersion >= cs.initiatingVersion && bytes.Equal(curCrt.Signature(), myCrt.Signature()) == true { if !bytes.Equal(curCrt.Signature(), myCrt.Signature()) {
// The current tunnel is using the latest certificate and version, no need to rehandshake. cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
WithField("reason", "local certificate is not current").
Info("Re-handshaking with remote")
cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
return return
} }
if curCrtVersion < cs.initiatingVersion {
cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
WithField("reason", "current cert version < pki.initiatingVersion").
Info("Re-handshaking with remote")
cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs). cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
WithField("reason", "local certificate is not current"). return
Info("Re-handshaking with remote") }
cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
} }
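Review bot: The two new `if` blocks in tryRehandshake repeat the same log-and-`StartHandshake` sequence and differ only in the `reason` string, so any later change to how a rehandshake is triggered has to be made in both places. Selecting the reason first and triggering once keeps the certificate-changed and version-too-low cases in step. The default case is also a natural place to restore the removed comment explaining why no rehandshake is needed. Both copies index `hostinfo.vpnAddrs[0]` without a visible length check; the old code did the same, and the start of the function is outside the hunk, so whether an earlier guard exists cannot be confirmed from here.

```go
var reason string
switch {
case !bytes.Equal(curCrt.Signature(), myCrt.Signature()):
	reason = "local certificate is not current"
case curCrtVersion < cs.initiatingVersion:
	reason = "current cert version < pki.initiatingVersion"
default:
	// The current tunnel is using the latest certificate and version, no need to rehandshake.
	return
}
cm.l.WithField("vpnAddrs", hostinfo.vpnAddrs).
	WithField("reason", reason).
	Info("Re-handshaking with remote")
cm.intf.handshakeManager.StartHandshake(hostinfo.vpnAddrs[0], nil)
```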