Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

WARNING: no expected peer info was given, identify will not be able to verify peer integrity #1462

Closed
pgte opened this issue Jul 24, 2018 · 3 comments
Assignees
Labels
exp/wizard Extensive knowledge (implications, ramifications) required kind/bug A bug in existing code (including security flaws) P1 High: Likely tackled by core team if no one steps up

Comments

@pgte
Copy link
Contributor

pgte commented Jul 24, 2018

I'm currently getting this "WARNING: no expected peer info was given, identify will not be able to verify peer integrity" message all over my tests, when using a custom transport.

This wasn't happening until I updated dependencies yesterday.

(Currently using js-ipfs 0.29.3 and I can't upgrade at this moment, don't ask..)

Do you know where I should start digging?

@daviddias daviddias added kind/bug A bug in existing code (including security flaws) P1 High: Likely tackled by core team if no one steps up exp/wizard Extensive knowledge (implications, ramifications) required labels Jul 24, 2018
@jacobheun
Copy link
Contributor

@pgte this is related to a security fix that was released yesterday for libp2p-switch that includes an update to libp2p-identify. The message you are seeing comes from libp2p-identify when the expected peer info is not passed to the identify.dialer method, https://github.com/libp2p/js-libp2p-identify/blob/master/src/dialer.js#L14.

This should only happen in one of two scenarios:

  1. libp2p-switch is not the latest version, 0.40.7, which includes the security fix
  2. crypto (secio) is not enabled for libp2p/libp2p-switch. (The peer data from the secio handshake is used to ensure the peer is the correct peer during identify)

Can you see if you have an older version of libp2p-switch installed or if secio is not enabled in your test suite? If neither of these is the case and you have the code pushed somewhere I can take a look at it.

@pgte
Copy link
Contributor Author

pgte commented Jul 24, 2018

@jacobheun thanks, makes sense. It's using libp2p-switch version 0.39.2, which apparently triggering this warning in libp2p-identify 0.7.2. I'll try upgrading. Thanks!

@pgte
Copy link
Contributor Author

pgte commented Jul 24, 2018

@jacobheun Upgrading to the latest js-ipfs did the trick. Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
exp/wizard Extensive knowledge (implications, ramifications) required kind/bug A bug in existing code (including security flaws) P1 High: Likely tackled by core team if no one steps up
Projects
None yet
Development

No branches or pull requests

3 participants