WARNING: no expected peer info was given, identify will not be able to verify peer integrity

[pgte]

I'm currently getting this "WARNING: no expected peer info was given, identify will not be able to verify peer integrity" message all over my tests, when using a custom transport.

This wasn't happening until I updated dependencies yesterday.

(Currently using js-ipfs 0.29.3 and I can't upgrade at this moment, don't ask..)

Do you know where I should start digging?

[jacobheun]

@pgte this is related to a security fix that was released yesterday for libp2p-switch that includes an update to libp2p-identify. The message you are seeing comes from libp2p-identify when the expected peer info is not passed to the identify.dialer method, https://github.com/libp2p/js-libp2p-identify/blob/master/src/dialer.js#L14.

This should only happen in one of two scenarios:

1. libp2p-switch is not the latest version, 0.40.7, which includes the security fix
2. crypto (secio) is not enabled for libp2p/libp2p-switch. (The peer data from the secio handshake is used to ensure the peer is the correct peer during identify)

Can you see if you have an older version of libp2p-switch installed or if secio is not enabled in your test suite? If neither of these is the case and you have the code pushed somewhere I can take a look at it.

[pgte]

@jacobheun thanks, makes sense. It's using libp2p-switch version 0.39.2, which apparently triggering this warning in libp2p-identify 0.7.2. I'll try upgrading. Thanks!

[pgte]

@jacobheun Upgrading to the latest js-ipfs did the trick. Thanks!