diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-06-05 15:44:12 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-06-05 15:44:12 -0400 |
| commit | d1c1dc229e189cbf4e463b82751af007801a02eb (patch) | |
| tree | f4600f4663e62b0466c01da56dd3df6edccb2bb8 /src/or/connection_or.c | |
| parent | 7c54d2f3f0bcf483fd14dedb1a5dcbece6976411 (diff) | |
| parent | 9fea00928cb680f550a5ea9c64227efc025ea69b (diff) | |
| download | tor-d1c1dc229e189cbf4e463b82751af007801a02eb.tar.gz tor-d1c1dc229e189cbf4e463b82751af007801a02eb.zip | |
Merge branch 'maint-0.2.9' into maint-0.3.0
Diffstat (limited to 'src/or/connection_or.c')
| -rw-r--r-- | src/or/connection_or.c | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c index cefe42c4db..b9ac9b2c5d 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2270,7 +2270,8 @@ add_ed25519_cert(certs_cell_t *certs_cell, int connection_or_send_certs_cell(or_connection_t *conn) { - const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL; + const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL; + tor_x509_cert_t *own_link_cert = NULL; var_cell_t *cell; certs_cell_t *certs_cell = NULL; @@ -2283,21 +2284,26 @@ connection_or_send_certs_cell(or_connection_t *conn) const int conn_in_server_mode = ! conn->handshake_state->started_here; /* Get the encoded values of the X509 certificates */ - if (tor_tls_get_my_certs(conn_in_server_mode, &link_cert, &id_cert) < 0) + if (tor_tls_get_my_certs(conn_in_server_mode, + &global_link_cert, &id_cert) < 0) return -1; - tor_assert(link_cert); + if (conn_in_server_mode) { + own_link_cert = tor_tls_get_own_cert(conn->tls); + } tor_assert(id_cert); certs_cell = certs_cell_new(); /* Start adding certs. First the link cert or auth1024 cert. */ if (conn_in_server_mode) { + tor_assert_nonfatal(own_link_cert); add_x509_cert(certs_cell, - OR_CERT_TYPE_TLS_LINK, link_cert); + OR_CERT_TYPE_TLS_LINK, own_link_cert); } else { + tor_assert(global_link_cert); add_x509_cert(certs_cell, - OR_CERT_TYPE_AUTH_1024, link_cert); + OR_CERT_TYPE_AUTH_1024, global_link_cert); } /* Next the RSA->RSA ID cert */ @@ -2344,6 +2350,7 @@ connection_or_send_certs_cell(or_connection_t *conn) connection_or_write_var_cell_to_buf(cell, conn); var_cell_free(cell); certs_cell_free(certs_cell); + tor_x509_cert_free(own_link_cert); return 0; } @@ -2484,10 +2491,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, memcpy(auth1_getarray_type(auth), authtype_str, 8); { - const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL; + const tor_x509_cert_t *id_cert=NULL; const common_digests_t *my_digests, *their_digests; const uint8_t *my_id, *their_id, *client_id, *server_id; - if (tor_tls_get_my_certs(server, &link_cert, &id_cert)) + if (tor_tls_get_my_certs(server, NULL, &id_cert)) goto err; my_digests = tor_x509_cert_get_id_digests(id_cert); their_digests = @@ -2542,13 +2549,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, { /* Digest of cert used on TLS link : 32 octets. */ - const tor_x509_cert_t *cert = NULL; - tor_x509_cert_t *freecert = NULL; + tor_x509_cert_t *cert = NULL; if (server) { - tor_tls_get_my_certs(1, &cert, NULL); + cert = tor_tls_get_own_cert(conn->tls); } else { - freecert = tor_tls_get_peer_cert(conn->tls); - cert = freecert; + cert = tor_tls_get_peer_cert(conn->tls); } if (!cert) { log_warn(LD_OR, "Unable to find cert when making %s data.", @@ -2559,8 +2564,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, memcpy(auth->scert, tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32); - if (freecert) - tor_x509_cert_free(freecert); + tor_x509_cert_free(cert); } /* HMAC of clientrandom and serverrandom using master key : 32 octets */ |