diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-08-20 17:42:38 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-08-20 17:42:38 -0400 |
| commit | c1f476a3d59a66e39302b51f6f937aabf0b3a0d5 (patch) | |
| tree | 55dc822135cd545e63ffd42e4335cb637dab1cb1 | |
| parent | 4c355ff18544783a5a283f7660bcdca6cf93062b (diff) | |
| download | tor-c1f476a3d59a66e39302b51f6f937aabf0b3a0d5.tar.gz tor-c1f476a3d59a66e39302b51f6f937aabf0b3a0d5.zip | |
Use our x509 wrapper code in tor_tls_cert_matches_key()
This allows us to mock our own tor_tls_get_peer_certificate()
function in order to test ..cert_matches_key(), which will in turn
allow us to simplify test_tortls_cert_matches_key() considerably.
Prep work for the fix for 27226.
| -rw-r--r-- | src/common/tortls.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index a4e188603c..4cbe8b10e5 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -857,18 +857,20 @@ tor_tls_cert_get_key(tor_x509_cert_t *cert) MOCK_IMPL(int, tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert)) { - X509 *peercert = SSL_get_peer_certificate(tls->ssl); + tor_x509_cert_t *peer = tor_tls_get_peer_cert((tor_tls_t *)tls); + if (!peer) + return 0; + + X509 *peercert = peer->cert; EVP_PKEY *link_key = NULL, *cert_key = NULL; int result; - if (!peercert) - return 0; link_key = X509_get_pubkey(peercert); cert_key = X509_get_pubkey(cert->cert); result = link_key && cert_key && EVP_PKEY_cmp(cert_key, link_key) == 1; - X509_free(peercert); + tor_x509_cert_free(peer); if (link_key) EVP_PKEY_free(link_key); if (cert_key) |