On v3 link handshake, send the correct link certificate

  return tor_x509_cert_new(cert);

}

/** Return the cerficate we used on the connection, or NULL if somehow

 * we didn't use one. */

tor_x509_cert_t *

tor_tls_get_own_cert(tor_tls_t *tls)

{

  X509 *cert = SSL_get_certificate(tls->ssl);

  tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE,

                 "getting own-connection certificate");

  if (!cert)

    return NULL;

  /* Fun inconsistency: SSL_get_peer_certificate increments the reference

   * count, but SSL_get_certificate does not. */

  X509 *duplicate = X509_dup(cert);

  if (BUG(duplicate == NULL))

    return NULL;

  return tor_x509_cert_new(duplicate);

}

/** Warn that a certificate lifetime extends through a certain range. */

static void

log_cert_lifetime(int severity, const X509 *cert, const char *problem)

void tor_tls_free(tor_tls_t *tls);

int tor_tls_peer_has_cert(tor_tls_t *tls);

MOCK_DECL(tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));

tor_x509_cert_t *tor_tls_get_own_cert(tor_tls_t *tls);

int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);

int tor_tls_check_lifetime(int severity,

                           tor_tls_t *tls, int past_tolerance,

int

connection_or_send_certs_cell(or_connection_t *conn)

{

  const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;

  const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL,

    *using_link_cert = NULL;

  tor_x509_cert_t *own_link_cert = NULL;

  const uint8_t *link_encoded = NULL, *id_encoded = NULL;

  size_t link_len, id_len;

  var_cell_t *cell;

  if (! conn->handshake_state)

    return -1;

  const int conn_in_server_mode = ! conn->handshake_state->started_here;

  if (tor_tls_get_my_certs(conn_in_server_mode, &link_cert, &id_cert) < 0)

  if (tor_tls_get_my_certs(conn_in_server_mode,

                           &global_link_cert, &id_cert) < 0)

    return -1;

  tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);

  if (conn_in_server_mode) {

    using_link_cert = own_link_cert = tor_tls_get_own_cert(conn->tls);

  } else {

    using_link_cert = global_link_cert;

  }

  tor_x509_cert_get_der(using_link_cert, &link_encoded, &link_len);

  tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);

  cell_len = 1 /* 1 byte: num certs in cell */ +

  connection_or_write_var_cell_to_buf(cell, conn);

  var_cell_free(cell);

  tor_x509_cert_free(own_link_cert);

  return 0;

}

  memcpy(auth1_getarray_type(auth), "AUTH0001", 8);

  {

    const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;

    const tor_x509_cert_t *id_cert=NULL;

    const common_digests_t *my_digests, *their_digests;

    const uint8_t *my_id, *their_id, *client_id, *server_id;

    if (tor_tls_get_my_certs(server, &link_cert, &id_cert))

    if (tor_tls_get_my_certs(server, NULL, &id_cert))

      goto err;

    my_digests = tor_x509_cert_get_id_digests(id_cert);

    their_digests =

  {

    /* Digest of cert used on TLS link : 32 octets. */

    const tor_x509_cert_t *cert = NULL;

    tor_x509_cert_t *freecert = NULL;

    tor_x509_cert_t *cert = NULL;

    if (server) {

      tor_tls_get_my_certs(1, &cert, NULL);

      cert = tor_tls_get_own_cert(conn->tls);

    } else {

      freecert = tor_tls_get_peer_cert(conn->tls);

      cert = freecert;

      cert = tor_tls_get_peer_cert(conn->tls);

    }

    if (!cert) {

      log_warn(LD_OR, "Unable to find cert when making AUTH1 data.");

    memcpy(auth->scert,

           tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);

    if (freecert)

      tor_x509_cert_free(freecert);

    tor_x509_cert_free(cert);

  }

  /* HMAC of clientrandom and serverrandom using master key : 32 octets */