Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.

author: Adam Ierymenko <[email protected]> 2021-09-20 18:26:49 -0400
committer: Grant Limberg <[email protected]> 2021-09-20 15:40:55 -0700
commit: 134d33c2181e5a2b783a0503313b1a03dd89d863 (patch)
tree: 36699d835adaac488ddd484330863725eeb7d7bf /controller/EmbeddedNetworkController.cpp
parent: 9cfb807fcb1079a7e7016be67157ff9123b20ff6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 99d59aee..ea70cb3a 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1801,7 +1801,7 @@ void EmbeddedNetworkController::_request(
 		nc->certificateOfOwnershipCount = 1;
 	}
 
-	CertificateOfMembership com(now,credentialtmd,nwid,identity.address());
+	CertificateOfMembership com(now,credentialtmd,nwid,identity);
 	if (com.sign(_signingId)) {
 		nc->com = com;
 	} else {
author	Adam Ierymenko <[email protected]>	2021-09-20 18:26:49 -0400
committer	Grant Limberg <[email protected]>	2021-09-20 15:40:55 -0700
commit	134d33c2181e5a2b783a0503313b1a03dd89d863 (patch)
tree	36699d835adaac488ddd484330863725eeb7d7bf /controller/EmbeddedNetworkController.cpp
parent	9cfb807fcb1079a7e7016be67157ff9123b20ff6 (diff)