authorAdam Ierymenko <adam.ierymenko@gmail.com>2014-09-30 17:26:34 -0700
committerAdam Ierymenko <adam.ierymenko@gmail.com>2014-09-30 17:26:34 -0700
commitb41437780b5740f7fcb813412b2bf4157ac8d807 (patch)
tree2f2168808ec882fb06d7497c3ea308251126554b /node/Network.cpp
parent2659427864aee89977a58440705f7069c0e6c639 (diff)
Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket...
Diffstat (limited to 'node/Network.cpp')
-rw-r--r--node/Network.cpp13
1 files changed, 11 insertions, 2 deletions
diff --git a/node/Network.cpp b/node/Network.cpp
index 577a736e..0dc5c8b6 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -239,16 +239,25 @@ void Network::requestConfiguration()
RR->sw->send(outp,true);
}
-void Network::addMembershipCertificate(const CertificateOfMembership &cert)
+void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool forceAccept)
{
if (!cert) // sanity check
return;
+ if (!forceAccept) {
+ if (cert.signedBy() != controller())
+ return;
+ SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
+ if (!signer)
+ return; // we should already have done a WHOIS on this peer, since this is our netconf master
+ if (!cert.verify(signer->identity()))
+ return;
+ }
+
Mutex::Lock _l(_lock);
// We go ahead and accept certs provisionally even if _isOpen is true, since
// that might be changed in short order if the user is fiddling in the UI.
- // These will be purged on clean() for open networks eventually.
CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()];
if (cert.timestamp() >= old.timestamp()) {