YACOVM authored
When a peer gets a new config block and it contains CRLs, the gossip layer needs to be notified in order to close existing connections to peers whose certificates have expired. If this is not done, then these peers are still forwarded data like peer membership and channel membership, because the connection is already open.

This commit adds an ability to revoke identities by receiving a predicate function that, given an identity, returns whether it is suspected of being revoked (i.e., the SN is found within some CRL of some MSP). Then the gossip layer calls ValidateIdentity on the stored identity, and if it is found to be invalid, it:
- deletes the identity from memory
- closes an active connection to the peer, if such exists.

Currently the implementation of that predicate is the naive/obvious one, that suspects all identities. In a future commit I'll (hopefully) add code that uses the CRLs themselves.

Change-Id: I56d995a3720a736b1242b13a193f9a7933299345
Signed-off-by: Yacov Manevich <yacovm@il.ibm.com>
9d121662
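
The revocation sweep the commit message describes, as an added example that is not code from this commit or from the project. The names store, SuspectPeers, PeerSuspector and newDemoStore are hypothetical, the validate field stands in for ValidateIdentity, and the three peers are constructed sample data.

```go
package main

import (
	"bytes"
	"fmt"
)

// PeerSuspector is the predicate: true if the identity may have been revoked.
type PeerSuspector func(identity []byte) bool

// store is a hypothetical stand-in for the gossip layer's in-memory state.
type store struct {
	identities map[string][]byte        // peer ID -> stored identity
	connected  map[string]bool          // peer IDs with an open connection
	validate   func(ident []byte) error // plays the role of ValidateIdentity
}

// SuspectPeers re-validates suspected identities, purging the invalid ones.
func (s *store) SuspectPeers(isSuspected PeerSuspector) (purged, closed int) {
	for id, ident := range s.identities {
		if !isSuspected(ident) || s.validate(ident) == nil {
			continue // not suspected, or suspected but still valid
		}
		delete(s.identities, id) // forget the identity
		if s.connected[id] {     // close the connection only if one exists
			delete(s.connected, id)
			closed++
		}
		purged++
	}
	return purged, closed
}

// newDemoStore returns constructed sample state; peerC is revoked but offline.
func newDemoStore() *store {
	return &store{
		identities: map[string][]byte{"peerA": []byte("revoked-A"), "peerB": []byte("valid-B"), "peerC": []byte("revoked-C")},
		connected:  map[string]bool{"peerA": true, "peerB": true},
		validate: func(ident []byte) error {
			if bytes.HasPrefix(ident, []byte("revoked-")) {
				return fmt.Errorf("identity %q is revoked", ident)
			}
			return nil
		},
	}
}

func main() {
	fmt.Println(newDemoStore().SuspectPeers(func([]byte) bool { return true })) // naive predicate
}
```

With the naive suspect-everyone predicate, the validation step alone decides which identities are purged, so a peer with a still-valid certificate keeps both its identity and its connection.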