From 7303abae4b4ebd5f22cd6784abdf76646c8c3961 Mon Sep 17 00:00:00 2001
From: Steven Allen <steven@stebalien.com>
Date: Thu, 25 Oct 2018 16:52:22 -0700
Subject: [PATCH 1/2] forbid sign strict without signing enabled

---
 pubsub.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pubsub.go b/pubsub.go
index 2d137ac..6dbf0a0 100644
--- a/pubsub.go
+++ b/pubsub.go
@@ -177,6 +177,10 @@ func NewPubSub(ctx context.Context, h host.Host, rt PubSubRouter, opts ...Option
 		}
 	}
 
+	if ps.signStrict && ps.signKey == nil {
+		return nil, fmt.Errorf("strict signature verification enabled but message signing is disabled")
+	}
+
 	rt.Attach(ps)
 
 	for _, id := range rt.Protocols() {

From 017e522caaac2bbaa85a7deb9e9d0848a816a70c Mon Sep 17 00:00:00 2001
From: Steven Allen <steven@stebalien.com>
Date: Thu, 25 Oct 2018 16:57:00 -0700
Subject: [PATCH 2/2] test nonsensical options

---
 floodsub_test.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/floodsub_test.go b/floodsub_test.go
index 8f2d83c..df01076 100644
--- a/floodsub_test.go
+++ b/floodsub_test.go
@@ -900,6 +900,16 @@ func assertPeerList(t *testing.T, peers []peer.ID, expected ...peer.ID) {
 	}
 }
 
+func TestNonsensicalSigningOptions(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	hosts := getNetHosts(t, ctx, 1)
+	_, err := NewFloodSub(ctx, hosts[0], WithMessageSigning(false), WithStrictSignatureVerification(true))
+	if err == nil {
+		t.Error("expected constructor to fail on nonsensical options")
+	}
+}
+
 func TestWithSigning(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()