site: Read public peer keys from key file
Instead of a sigpubkey_if, we maintain a peer_keyset for the peer.
We try to get this from the new "peer-keys" configuration key which
specifies a file (to be parsed with the parser pubkeys.fl.pl).
Failing that we fall back to the old "key" (for key id
0000000000).
We actually keep up to two peer_keysets, because we don't want the set
to change during the middle of a key exchange. (In the future, peer
keysets might change during operation.) We make a "copy" (actually a
reference) at the start of key exchange.
We advertise the keyids we will accept in our MSG2/MSG3. We expect
the peer to state in their MSG3/MSG4 which key they have actually
signed the message with.
This commit has a bug: it never calls sethash. Our only algorithm
right now is rsa1 and needs sethash. So attempts to use this will
segfault.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
~ian / secnet.git / commit