diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-05-31 19:12:32 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-06-05 15:27:33 -0400 |
| commit | 50facb40bb42e070b858ca052edccd0f3a5b83b5 (patch) | |
| tree | 0a17e683cc6f570efec5a09861be5c1ab7bb7a27 /src/common/tortls.c | |
| parent | ec61ae59a5d009a9e80f3bfa9a2aa5f5dfa05551 (diff) | |
| download | tor-50facb40bb42e070b858ca052edccd0f3a5b83b5.tar.gz tor-50facb40bb42e070b858ca052edccd0f3a5b83b5.zip | |
On v3 link handshake, send the correct link certificate
Previously we'd send the _current_ link certificate, which would
cause a handshaking failure when the TLS context rotated.
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 62ed5be344..055b4686e5 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -2021,6 +2021,24 @@ tor_tls_get_peer_cert,(tor_tls_t *tls)) return tor_x509_cert_new(cert); } +/** Return the cerficate we used on the connection, or NULL if somehow + * we didn't use one. */ +tor_x509_cert_t * +tor_tls_get_own_cert(tor_tls_t *tls) +{ + X509 *cert = SSL_get_certificate(tls->ssl); + tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, + "getting own-connection certificate"); + if (!cert) + return NULL; + /* Fun inconsistency: SSL_get_peer_certificate increments the reference + * count, but SSL_get_certificate does not. */ + X509 *duplicate = X509_dup(cert); + if (BUG(duplicate == NULL)) + return NULL; + return tor_x509_cert_new(duplicate); +} + /** Warn that a certificate lifetime extends through a certain range. */ static void log_cert_lifetime(int severity, const X509 *cert, const char *problem) |