It's more natural than using a zero-secret when something goes wrong.
Also note that the HSM will actually kill the connection if the ECDH
fails, which is fortunately statistically unlikely.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

This is kind of a hack, but let's make it a complete hack. GCC with
-flto noticed we use different definitions of 'struct io_conn' here
and gave the warning:

    ccan/ccan/io/io.h:620:17: warning: type of ‘io_close’ does not match original declaration [-Wlto-type-mismatch]
     struct io_plan *io_close(struct io_conn *conn);
                     ^
    ccan/ccan/io/io.c:449:17: note: ‘io_close’ was previously declared here
     struct io_plan *io_close(struct io_conn *conn)
                     ^
    ccan/ccan/io/io.c:449:17: note: code may be misoptimized unless -fno-strict-aliasing is used

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

It seems to be having a bit of trouble understanding the control flow to realize
it's not actually uninitialized.
Add an error handler after the switch in case we miss a real uninitialized error
in the future.

Signed-off-by: William Casarin <jb55@jb55.com>