ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-01-18 18:56:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Optimization: we don't need to verify signatures on certs if they're certs we already have and have verified.

Browse Source
This commit is contained in:
Adam Ierymenko 2014-11-13 12:40:51 -08:00
parent c61e9c0ef9
commit 7b6f10e859
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
node/Network.cpp
View File

@ -311,6 +311,14 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
if (!cert) // sanity check
return;
Mutex::Lock _l(_lock);
CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()];
// Nothing to do if the cert hasn't changed -- we get duplicates due to zealous cert pushing
if (old == cert)
return;
// Check signature, log and return if cert is invalid
if (!forceAccept) {
if (cert.signedBy() != controller()) {
LOG("rejected network membership certificate for %.16llx signed by %s: signer not a controller of this network",(unsigned long long)_id,cert.signedBy().toString().c_str());
@ -332,9 +340,7 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
}
}
Mutex::Lock _l(_lock);
CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()];
// If we made it past authentication, update cert
if (cert.timestamp() >= old.timestamp())
old = cert;
}