From 4c029388523e5c96f884c3ec351329845c077398 Mon Sep 17 00:00:00 2001
From: Kees Bos <k.bos@capitar.com>
Date: Wed, 24 Jun 2015 01:15:14 +0200
Subject: [PATCH] Fix signing verification

The only signing that's accepted is what we (the controller) signed.

	if (cert.signedBy() != controller()) then fail

So, there's no need to get a Peer entry for ourself (and that fails
too). Just use the controller identity.
---
 node/Network.cpp | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/node/Network.cpp b/node/Network.cpp
index a217595af..951fd2902 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -286,16 +286,9 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
 			return;
 		}
 
-		SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
-
-		if (!signer) {
-			// This would be rather odd, since this is our controller... could happen
-			// if we get packets before we've gotten config.
-			RR->sw->requestWhois(cert.signedBy());
-			return;
-		}
-
-		if (!cert.verify(signer->identity())) {
+		// We are the controller: RR->identity.address() == controller() == cert.signedBy()
+		// So, verify that we signed th cert ourself
+		if (!cert.verify(RR->identity)) {
 			TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
 			return;
 		}