authorRobert Ransom <rransom.8774@gmail.com>2010-10-03 22:38:53 -0700
committerRobert Ransom <rransom.8774@gmail.com>2010-10-04 21:51:53 -0700
commita2bb0bfdd5731ef3cebf6e14fa7bebb98d5f2d8f (patch)
tree79ff1358306000c378f020da4bdb3a0483e38bb1 /src/or/connection_or.c
parent17efbe031d4b96d872b2e0bdf3785b232f49bf44 (diff)
Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.
Diffstat (limited to 'src/or/connection_or.c')
-rw-r--r--src/or/connection_or.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 09f310a3df..b2ce7220eb 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1007,6 +1007,9 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
started_here ? conn->_base.address :
safe_str_client(conn->_base.address);
const char *conn_type = started_here ? "outgoing" : "incoming";
+ crypto_pk_env_t *our_identity =
+ started_here ? get_client_identity_key() :
+ get_server_identity_key();
int has_cert = 0, has_identity=0;
check_no_tls_errors();
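Review bot: The new `our_identity` declaration has no comment explaining why the key depends on `started_here`, and the only use visible on this page is the circuit-ID ordering comparison in the next hunk. I would add a comment above it such as `/* Compare with the identity matching our role on this connection: client key if we initiated it, server key otherwise. */`. Which key is actually presented to the peer during the handshake is not visible here, so that wording should be confirmed against the TLS context setup. The body of connection_or_check_valid_tls_handshake starts and ends outside this hunk.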
@@ -1044,7 +1047,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
if (identity_rcvd) {
has_identity = 1;
crypto_pk_get_digest(identity_rcvd, digest_rcvd_out);
- if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) {
+ if (crypto_pk_cmp_keys(our_identity, identity_rcvd)<0) {
conn->circ_id_type = CIRC_ID_TYPE_LOWER;
} else {
conn->circ_id_type = CIRC_ID_TYPE_HIGHER;
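Review bot: `crypto_pk_cmp_keys(our_identity, identity_rcvd)<0` now depends on a pointer from one of two getters, and nothing in the visible lines checks it before the comparison. If `get_client_identity_key()` or `get_server_identity_key()` can return NULL (their bodies are not shown here), the result would silently pick one half of the circuit ID space; a `tor_assert(our_identity);` after the declaration would make that assumption explicit. The `else` branch also assigns `CIRC_ID_TYPE_HIGHER` when the keys compare equal, so a peer presenting our own key would presumably choose the same half as we do. That case predates this commit but deserves a comment or an explicit rejection. The enclosing `if (identity_rcvd)` block continues past the end of the hunk.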