1 files changed, 12 insertions, 2 deletions

diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index d758d22d82..f751c0da99 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1262,8 +1262,8 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
     const int send_versions = !started_here;
     /* If we want to authenticate, send a CERTS cell */
     const int send_certs = !started_here || public_server_mode(get_options());
-    /* If we're a relay that got a connection, ask for authentication. */
-    const int send_chall = !started_here && public_server_mode(get_options());
+    /* If we're a host that got a connection, ask for authentication. */
+    const int send_chall = !started_here;
     /* If our certs cell will authenticate us, we can send a netinfo cell
      * right now. */
     const int send_netinfo = !started_here;
@@ -1474,6 +1474,16 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
   /* XXX maybe act on my_apparent_addr, if the source is sufficiently
    * trustworthy. */
 
+  if (! chan->conn->handshake_state->sent_netinfo) {
+    /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
+     * cell, then we would not previously have sent a NETINFO cell. Do so
+     * now. */
+    if (connection_or_send_netinfo(chan->conn) < 0) {
+      connection_or_close_for_error(chan->conn, 0);
+      return;
+    }
+  }
+
   if (connection_or_set_state_open(chan->conn) < 0) {
     log_fn(LOG_PROTOCOL_WARN, LD_OR,
            "Got good NETINFO cell from %s:%d; but "