Home Explore Help
Sign In
cpp
/
ZeroTierOne
mirror of https://github.com/zerotier/ZeroTierOne
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Optimization: we don't need to verify signatures on certs if they're certs we already have and have verified.

Adam Ierymenko 10 years ago
parent
c61e9c0ef9
commit
7b6f10e859
1 changed files with 9 additions and 3 deletions
Unified View Show Diff Stats
  1. 9 3
      node/Network.cpp

+ 9 - 3
node/Network.cpp
View File 

@@ -311,6 +311,14 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
 
 	if (!cert) // sanity check
 
 	if (!cert) // sanity check
 
 		return;
 
 		return;
 
 
 
+	Mutex::Lock _l(_lock);
 
+	CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()];
 
+
 
+	// Nothing to do if the cert hasn't changed -- we get duplicates due to zealous cert pushing
 
+	if (old == cert)
 
+		return;
 
+
 
+	// Check signature, log and return if cert is invalid
 
 	if (!forceAccept) {
 
 	if (!forceAccept) {
 
 		if (cert.signedBy() != controller()) {
 
 		if (cert.signedBy() != controller()) {
 
 			LOG("rejected network membership certificate for %.16llx signed by %s: signer not a controller of this network",(unsigned long long)_id,cert.signedBy().toString().c_str());
 
 			LOG("rejected network membership certificate for %.16llx signed by %s: signer not a controller of this network",(unsigned long long)_id,cert.signedBy().toString().c_str());
 
@@ -332,9 +340,7 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
-	Mutex::Lock _l(_lock);
 
-
 
-	CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()];
 
+	// If we made it past authentication, update cert
 
 	if (cert.timestamp() >= old.timestamp())
 
 	if (cert.timestamp() >= old.timestamp())
 
 		old = cert;
 
 		old = cert;
 
 }
 
 }