github/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/ZeroTier/ZeroTierOne synced 2025-08-23 06:35:49 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Partially revert previous commit. That solved self signed, but

Browse source 
broke certs signed by other controllers.
This commit is contained in:
Kees Bos 2015-06-24 08:00:50 +02:00
commit 9e1a384edf
1 changed files with 22 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

17
node/Network.cpp
View file

@ -286,13 +286,30 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
return; return;
} }
if (cert.signedBy() == RR->identity.address()) {
// We are the controller: RR->identity.address() == controller() == cert.signedBy() // We are the controller: RR->identity.address() == controller() == cert.signedBy()
// So, verify that we signed th cert ourself // So, verify that we signed th cert ourself
if (!cert.verify(RR->identity)) { if (!cert.verify(RR->identity)) {
TRACE("rejected network membership certificate for %.16llx self signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
return;
}
} else {
SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
if (!signer) {
// This would be rather odd, since this is our controller... could happen
// if we get packets before we've gotten config.
RR->sw->requestWhois(cert.signedBy());
return;
}
if (!cert.verify(signer->identity())) {
TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str()); TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
return; return;
} }
} }
}
// If we made it past authentication, update cert // If we made it past authentication, update cert
if (cert.revision() != old.revision()) if (cert.revision() != old.revision())