lightningd: only allow closing to native segwit

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Removed: JSON-RPC: `close` `destination` no longer allows p2pkh or p2sh addresses (deprecated v0.11.0)

common/shutdown_scriptpubkey.c

@@ -48,9 +48,9 @@ static bool is_valid_witnessprog(const u8 *scriptpubkey)
 
 bool valid_shutdown_scriptpubkey(const u8 *scriptpubkey,
 				 bool anysegwit,
-				 bool anchors)
+				 bool allow_oldstyle)
 {
-	if (!anchors) {
+	if (allow_oldstyle) {
 		if (is_p2pkh(scriptpubkey, NULL)
 		    || is_p2sh(scriptpubkey, NULL))
 			return true;

common/shutdown_scriptpubkey.h

@@ -16,8 +16,11 @@
  *  - if the `scriptpubkey` is not in one of the above forms:
  *    - SHOULD send a `warning`
  */
+
+/* We still allow them to specify an old-style P2PKH or P2SH (though we
+ * never will send such a thing!) if they're not using anchors. */
 bool valid_shutdown_scriptpubkey(const u8 *scriptpubkey,
 				 bool anysegwit,
-				 bool anchors);
+				 bool allow_oldstyle);
 
 #endif /* LIGHTNING_COMMON_SHUTDOWN_SCRIPTPUBKEY_H */

lightningd/channel_control.c

@@ -315,7 +315,7 @@ static void peer_got_shutdown(struct channel *channel, const u8 *msg)
 	 *   - if the `scriptpubkey` is not in one of the above forms:
 	 *     - SHOULD send a `warning`.
 	 */
-	if (!valid_shutdown_scriptpubkey(scriptpubkey, anysegwit, anchors)) {
+	if (!valid_shutdown_scriptpubkey(scriptpubkey, anysegwit, !anchors)) {
 		u8 *warning = towire_warningfmt(NULL,
 						&channel->cid,
 						"Bad shutdown scriptpubkey %s",

lightningd/closing_control.c

@@ -724,11 +724,11 @@ static struct command_result *json_close(struct command *cmd,
 				       channel->peer->their_features,
 				       OPT_SHUTDOWN_ANYSEGWIT);
 	if (!valid_shutdown_scriptpubkey(channel->shutdown_scriptpubkey[LOCAL],
-					 anysegwit, !deprecated_apis)) {
+					 anysegwit, false)) {
 		/* Explicit check for future segwits. */
 		if (!anysegwit &&
 		    valid_shutdown_scriptpubkey(channel->shutdown_scriptpubkey
-						[LOCAL], true, !deprecated_apis)) {
+						[LOCAL], true, false)) {
 			return command_fail(cmd, JSONRPC2_INVALID_PARAMS,
 					    "Peer does not allow v1+ shutdown addresses");
 		}

lightningd/dual_open_control.c

@@ -1364,7 +1364,7 @@ static void handle_peer_wants_to_close(struct subd *dualopend,
 	 *  - if the `scriptpubkey` is not in one of the above forms:
 	 *    - SHOULD send a `warning`
 	 */
-	if (!valid_shutdown_scriptpubkey(scriptpubkey, anysegwit, anchors)) {
+	if (!valid_shutdown_scriptpubkey(scriptpubkey, anysegwit, !anchors)) {
 		u8 *warning = towire_warningfmt(NULL,
 						&channel->cid,
 						"Bad shutdown scriptpubkey %s",

openingd/openingd.c

@@ -311,7 +311,7 @@ static void set_remote_upfront_shutdown(struct state *state,
 		= tal_steal(state, shutdown_scriptpubkey);
 
 	if (shutdown_scriptpubkey
-	    && !valid_shutdown_scriptpubkey(shutdown_scriptpubkey, anysegwit, anchors))
+	    && !valid_shutdown_scriptpubkey(shutdown_scriptpubkey, anysegwit, !anchors))
 		peer_failed_err(state->pps,
 				&state->channel_id,
 				"Unacceptable upfront_shutdown_script %s",