Reorder certificate check

First order of business is to verify certificate before even thinking about if the request is possible
2026-01-11 18:42:29 +00:00 · 2018-07-20 13:34:14 -04:00
parent 3ff7e42074
commit e5c4219ee9
1 changed files with 9 additions and 9 deletions
--- a/confluent_server/confluent/collective/manager.py
+++ b/confluent_server/confluent/collective/manager.py
@@ -350,6 +350,15 @@ def handle_connection(connection, cert, request, local=False):
        populate_collinfo(collinfo)
        tlvdata.send(connection, collinfo)
    if 'connect' == operation:
+        drone = request['name']
+        droneinfo = cfm.get_collective_member(drone)
+        if not (droneinfo and util.cert_matches(droneinfo['fingerprint'],
+                                                cert)):
+            tlvdata.send(connection,
+                         {'error': 'Invalid certificate, '
+                                   'redo invitation process'})
+            connection.close()
+            return
        myself = connection.getsockname()[0]
        if myself != get_leader(connection):
            tlvdata.send(
@@ -363,15 +372,6 @@ def handle_connection(connection, cert, request, local=False):
                                      'backoff': True})
            connection.close()
            return
-        drone = request['name']
-        droneinfo = cfm.get_collective_member(drone)
-        if not (droneinfo and util.cert_matches(droneinfo['fingerprint'],
-                                                cert)):
-            tlvdata.send(connection,
-                         {'error': 'Invalid certificate, '
-                                   'redo invitation process'})
-            connection.close()
-            return
        if request['txcount'] > cfm._txcount:
            retire_as_leader()
            tlvdata.send(connection,