From e5c4219ee96bf05fdec819143aba35156583aff0 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 20 Jul 2018 13:34:14 -0400
Subject: [PATCH] Reorder certificate check

First order of business is to verify certificate before even thinking about if the request is possible
---
 .../confluent/collective/manager.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/confluent_server/confluent/collective/manager.py b/confluent_server/confluent/collective/manager.py
index 1af0af88..e85d39e8 100644
--- a/confluent_server/confluent/collective/manager.py
+++ b/confluent_server/confluent/collective/manager.py
@@ -350,6 +350,15 @@ def handle_connection(connection, cert, request, local=False):
 populate_collinfo(collinfo)
 tlvdata.send(connection, collinfo)
 if 'connect' == operation:
+ drone = request['name']
+ droneinfo = cfm.get_collective_member(drone)
+ if not (droneinfo and util.cert_matches(droneinfo['fingerprint'],
+ cert)):
+ tlvdata.send(connection,
+ {'error': 'Invalid certificate, '
+ 'redo invitation process'})
+ connection.close()
+ return
 myself = connection.getsockname()[0]
 if myself != get_leader(connection):
 tlvdata.send(
@@ -363,15 +372,6 @@ def handle_connection(connection, cert, request, local=False):
 'backoff': True})
 connection.close()
 return
- drone = request['name']
- droneinfo = cfm.get_collective_member(drone)
- if not (droneinfo and util.cert_matches(droneinfo['fingerprint'],
- cert)):
- tlvdata.send(connection,
- {'error': 'Invalid certificate, '
- 'redo invitation process'})
- connection.close()
- return
 if request['txcount'] > cfm._txcount:
 retire_as_leader()
 tlvdata.send(connection,
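Review bot: `request['name']` is now the first thing read on the unauthenticated path of the `connect` branch, so a peer that omits `name` raises KeyError before the certificate rejection is sent and before `connection.close()` runs; whether the caller catches that is not visible here. Reading it defensively keeps a malformed request on the same rejection path: `drone = request.get('name')` followed by `droneinfo = cfm.get_collective_member(drone) if drone else None`. The same question applies to `droneinfo['fingerprint']` if a member record can exist without a fingerprint, and to `cert` being None if the TLS layer admits a peer without a client certificate; both are presumably guaranteed elsewhere, but worth confirming. A rejected certificate is also a security-relevant event, so a log entry with the peer address and the claimed name before the `return` would help detection. handle_connection starts and ends outside this hunk.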