1 files changed, 16 insertions, 10 deletions

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 3ca0f536..f5bfce4e 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -645,16 +645,8 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 								}
 
 								// Member is being de-authorized, so spray Revocation objects to all online members
-								if (!newAuth) {
-									Revocation rev((uint32_t)_node->prng(),nwid,0,now,ZT_REVOCATION_FLAG_FAST_PROPAGATE,Address(address),Revocation::CREDENTIAL_TYPE_COM);
-									rev.sign(_signingId);
-
-									Mutex::Lock _l(_memberStatus_m);
-									for(auto i=_memberStatus.begin();i!=_memberStatus.end();++i) {
-										if ((i->first.networkId == nwid)&&(i->second.online(now)))
-											_node->ncSendRevocation(Address(i->first.nodeId),rev);
-									}
-								}
+								if (!newAuth)
+									onNetworkMemberDeauthorize(nwid,address);
 							}
 						}
 
@@ -1154,6 +1146,20 @@ void EmbeddedNetworkController::onNetworkMemberUpdate(const uint64_t networkId,c
 	} catch ( ... ) {}
 }
 
+void EmbeddedNetworkController::onNetworkMemberDeauthorize(const uint64_t networkId,const uint64_t memberId)
+{
+	const uint64_t now = OSUtils::now();
+	Revocation rev((uint32_t)_node->prng(),networkId,0,now,ZT_REVOCATION_FLAG_FAST_PROPAGATE,Address(memberId),Revocation::CREDENTIAL_TYPE_COM);
+	rev.sign(_signingId);
+	{
+		Mutex::Lock _l(_memberStatus_m);
+		for(auto i=_memberStatus.begin();i!=_memberStatus.end();++i) {
+			if ((i->first.networkId == networkId)&&(i->second.online(now)))
+				_node->ncSendRevocation(Address(i->first.nodeId),rev);
+		}
+	}
+}
+
 void EmbeddedNetworkController::threadMain()
 	throw()
 {