Wrong address tried to connect to other nodes

[phmarek]

I generate an address with very few rights, and pass that on so that other nodes can connect to my blockchain (via -initprivkey) and register themselves (in a stream), to be granted rights for their "own" (newly generated) address by the master node.

That works fine so far; but as soon as the "invitation" address gets revoked and a blockchain node restarted, it still tries to use that (-initprivkey) address to connect - although it "knows" that this is already invalidated, and there's another address locally available with enough rights.

This could be solved via #126 - or by having multichain checking permissions for the address it's trying to use for connect.

[gidgreen]

First I'm not sure it knows the address has been revoked. Since it connected with this address, it might have had its connections dropped before it found out. In any event please see the handshakelocal runtime parameter:

https://www.multichain.com/developers/runtime-parameters/

Also in general please ask these sorts of questions on the Q&A:

https://www.multichain.com/qa/

[phmarek]

Well, first of all I can make sure that the local Multichain knows it's gone, by waiting for the permission to be gone.

Second, even without any additional information, Multichain might (should) try to use other available private keys to connect if the current one isn't accepted.

handshakelocal is a good tip, thanks - but that depends on the caller knowing which one is the "right" key; an automated solution (like trying keys round-robin) is surely preferable. (Or #126, at least.)

[gidgreen]

It's not really viable to round-robin all the keys in the wallet, because in some circumstances this is not information that a node will want to share with others.

[phmarek]

Hmmm, yeah, right. But perhaps the addresses with (explicit) connect permissions, or a whitelisted or all non-blacklisted ones? For real security a cold wallet is the way to go, anyway.