bugfix: allow gateways to permit authentication from v4 clients (#5862)

This commit is contained in:
Jędrzej Stuczyński
2025-06-18 09:17:54 +01:00
committed by GitHub
parent 6d47046a38
commit 44ec6d6bc8
@@ -419,6 +419,13 @@ impl<R, S> FreshHandler<R, S> {
return Ok(INITIAL_PROTOCOL_VERSION);
};
// #####
// On backwards compat:
// Currently it is the case that gateways will understand all previous protocol versions
// and will downgrade accordingly, but this will now always be the case.
// For example, once we remove downgrade on legacy auth, anything below version 4 will be rejected
// #####
// a v2 gateway will understand v1 requests, but v1 client will not understand v2 responses
if client_protocol_version == 1 {
return Ok(1);
@@ -434,6 +441,11 @@ impl<R, S> FreshHandler<R, S> {
return Ok(3);
}
// a v5 gateway will understand v4 requests (key-rotation)
if client_protocol_version == 4 {
return Ok(4);
}
// we can't handle clients with higher protocol than ours
// (perhaps we could try to negotiate downgrade on our end? sounds like a nice future improvement)
if client_protocol_version <= CURRENT_PROTOCOL_VERSION {