From e9b472dc9e31def5c8559c6d007fdf770d99d308 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Fri, 4 Sep 2015 20:57:33 +0200
Subject: config: allow moving the 'on verify' clause into a peer group

---
 src/protocols/ec25519_fhmqvc/handshake.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/protocols/ec25519_fhmqvc/handshake.c')

diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index bef4385..0cbe15a 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -565,12 +565,18 @@ static fastd_peer_t * add_dynamic(fastd_socket_t *sock, const fastd_peer_address
 	}
 
 	fastd_peer_t *peer = fastd_new0(fastd_peer_t);
-	peer->group = conf.peer_group;
+	peer->group = conf.on_verify_group;
 	peer->config_state = CONFIG_DYNAMIC;
 
 	peer->key = fastd_new(fastd_protocol_key_t);
 	*peer->key = peer_key;
 
+	if (!fastd_peer_may_connect(peer)) {
+		pr_debug("not adding dynamic peer %P[%I] because of local constraints", peer, addr);
+		fastd_peer_free(peer);
+		return NULL;
+	}
+
 	if (!fastd_peer_add(peer))
 		exit_bug("failed to add dynamic peer");
 
-- 
cgit v1.2.3