fix: removed dummy ID(b) from upgrade_security for inbound connections (#681)

lla-dane · web-flow · commit 2ed2587fc90b · 2025-06-17T06:25:50.000-06:00
* fix: removed dummy ID(b) from upgrade_security for inbound connections

* added newsfragment

* updated newsfragment
diff --git a/libp2p/network/swarm.py b/libp2p/network/swarm.py
@@ -187,7 +187,7 @@ async def dial_addr(self, addr: Multiaddr, peer_id: ID) -> INetConn:
         # Per, https://discuss.libp2p.io/t/multistream-security/130, we first secure
         # the conn and then mux the conn
         try:
-            secured_conn = await self.upgrader.upgrade_security(raw_conn, peer_id, True)
+            secured_conn = await self.upgrader.upgrade_security(raw_conn, True, peer_id)
         except SecurityUpgradeFailure as error:
             logger.debug("failed to upgrade security for peer %s", peer_id)
             await raw_conn.close()
@@ -257,10 +257,7 @@ async def conn_handler(
                 # Per, https://discuss.libp2p.io/t/multistream-security/130, we first
                 # secure the conn and then mux the conn
                 try:
-                    # FIXME: This dummy `ID(b"")` for the remote peer is useless.
-                    secured_conn = await self.upgrader.upgrade_security(
-                        raw_conn, ID(b""), False
-                    )
+                    secured_conn = await self.upgrader.upgrade_security(raw_conn, False)
                 except SecurityUpgradeFailure as error:
                     logger.debug("failed to upgrade security for peer at %s", maddr)
                     await raw_conn.close()
diff --git a/libp2p/transport/upgrader.py b/libp2p/transport/upgrader.py
@@ -48,11 +48,16 @@ def upgrade_listener(self, transport: ITransport, listeners: IListener) -> None:
         # TODO: Figure out what to do with this function.
 
     async def upgrade_security(
-        self, raw_conn: IRawConnection, peer_id: ID, is_initiator: bool
+        self,
+        raw_conn: IRawConnection,
+        is_initiator: bool,
+        peer_id: ID | None = None,
     ) -> ISecureConn:
         """Upgrade conn to a secured connection."""
         try:
             if is_initiator:
+                if peer_id is None:
+                    raise ValueError("peer_id must be provided for outbout connection")
                 return await self.security_multistream.secure_outbound(
                     raw_conn, peer_id
                 )
diff --git a/newsfragments/681.breaking.rst b/newsfragments/681.breaking.rst
@@ -0,0 +1,2 @@
+Reordered the arguments to `upgrade_security` to place `is_initiator` before `peer_id`, and made `peer_id` optional.
+This allows the method to reflect the fact that peer identity is not required for inbound connections.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Reordered the arguments to `upgrade_security` to place `is_initiator` before `peer_id`, and made `peer_id` optional.
	`2`	`+This allows the method to reflect the fact that peer identity is not required for inbound connections.`