ded server, keys, and addon versions

[mr.peanut 1]

I have a linux ded server and I would like to force all clients connecting to have the same version of a mod installed. Is verifySignatures sufficient for this?

There is another problem. The linux update script does not erase old mod keys(I will fix this soon) leaving multiple keys albeit with different file names. Will clients with older mod versions matching the old keys still be able to connect and play (and maybe crash server) ?

[killswitch 19]

I have a linux ded server and I would like to force all clients connecting to have the same version of a mod installed. Is verifySignatures sufficient for this?

It will be sufficient if the mod and/or addon makers in question uses versioned signature files.

Will clients with older mod versions matching the old keys still be able to connect and play (and maybe crash server) ?

Yes.

[mr.peanut 1]

This is why I am confused. :butbut: To me those answers are contradictory. First you say verifySignatures is enough to ensure all clients have same version of mod as server and then you say not.

On the server during signature verification, the server key is compared to the client bisign. Is this all that happens, or does the server also make sure the server and client have the same bisign?

[killswitch 19]

This is why I am confused. :butbut: To me those answers are contradictory. First you say verifySignatures is enough to ensure all clients have same version of mod as server and then you say not.

I should have formulated that in a more stringent way:

Turning on signature verification by itself is only part of the solution. It can be used to guarantee that clients have the same version of addons as the server, if and only if:

• Signature verification is enabled on the server (obviously).
  
• The addons are signed with a new key every time they are updated.
  
• The server has the latest versions of the .bikey files for the given addon in the Keys folder and only the latest versions.

If these conditons are not satisfied, one cannot guarantee the same version addons on client and server. For example, it is quite possible to have "XYZ_MyMod_v10.bikey" and "XYZ_MyMod_v11.bikey" in the server's Keys folder. This would allow clients with either the "1.0" and "1.1" addon sets to connect and that's probably not desirable.

On the server during signature verification, the server key is compared to the client bisign. Is this all that happens, or does the server also make sure the server and client have the same bisign?

It's more the latter - the client's files are checked against the client's own .bisign files and against the server's files.

A common thing we see these days are people connecting to 1.05 servers and one of them (client or server) haven't applied the Eagle Wing campaign hotfix. Their (old) EW mission pbo file (and associated .bisign file) are perfectly OK in that they are original files, signed with BIS own key and not tampered with in any way. Still, they get kicked off (or worse, it's determined by the server.cfg onDifferentData setting) if only one of the server or client has the EW hotfix installed.

Edited January 15, 2010 by Killswitch
Added link to the EW hotfix forum thread.

[SWAT_BigBear 0]

Well, that explains why my server kicked me for the Apache.

I just need to add the hotfix to the server?

[mr.peanut 1]

Thanks for the comprehensive reply Killswitch. Much appreciated.

[killswitch 19]

Thanks for the comprehensive reply Killswitch. Much appreciated.

You're welcome - I'm glad to have been of help. :)

Well, that explains why my server kicked me for the Apache.

I just need to add the hotfix to the server?

Yep - just unpack/upload the new "missions_ew.pbo" and "missions_ew.pbo.bisign" on the server. OTOH, tf the server kicks you "for the Apache", perhaps there's some trouble with your ah64.pbo and ah64.pbo.bisign files (or the server's copies of those files).