The problem was that the service attempted to validate secrets for all connection types except static keys (the comment was "/* Static Key doesn't need secrets; the rest do */"), which is incorrect: passwordless TLS doesn't need secrets either. the attached patch solves the issue. I am still mistyfied as to why it *sometimes* worked, though...
This patch solves the issue.
The problem was that the service attempted to validate secrets for all connection types except static keys (the comment was "/* Static Key doesn't need secrets; the rest do */"), which is incorrect: passwordless TLS doesn't need secrets either. the attached patch solves the issue. I am still mistyfied as to why it *sometimes* worked, though...