[tor-commits] [tor/release-0.3.2] Use our x509 wrapper code in tor_tls_cert_matches_key()

nickm at torproject.org nickm at torproject.org
Tue Aug 21 23:20:43 UTC 2018


commit c1f476a3d59a66e39302b51f6f937aabf0b3a0d5
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Aug 20 17:42:38 2018 -0400

    Use our x509 wrapper code in tor_tls_cert_matches_key()
    
    This allows us to mock our own tor_tls_get_peer_certificate()
    function in order to test ..cert_matches_key(), which will in turn
    allow us to simplify test_tortls_cert_matches_key() considerably.
    
    Prep work for the fix for 27226.
---
 src/common/tortls.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index a4e188603..4cbe8b10e 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -857,18 +857,20 @@ tor_tls_cert_get_key(tor_x509_cert_t *cert)
 MOCK_IMPL(int,
 tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
 {
-  X509 *peercert = SSL_get_peer_certificate(tls->ssl);
+  tor_x509_cert_t *peer = tor_tls_get_peer_cert((tor_tls_t *)tls);
+  if (!peer)
+    return 0;
+
+  X509 *peercert = peer->cert;
   EVP_PKEY *link_key = NULL, *cert_key = NULL;
   int result;
 
-  if (!peercert)
-    return 0;
   link_key = X509_get_pubkey(peercert);
   cert_key = X509_get_pubkey(cert->cert);
 
   result = link_key && cert_key && EVP_PKEY_cmp(cert_key, link_key) == 1;
 
-  X509_free(peercert);
+  tor_x509_cert_free(peer);
   if (link_key)
     EVP_PKEY_free(link_key);
   if (cert_key)
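Review bot: The cast in `tor_tls_get_peer_cert((tor_tls_t *)tls)` discards the `const` that tor_tls_cert_matches_key() promises its callers for `tls`. The callee's prototype is not visible in this hunk, but if it does not modify the connection it would be cleaner to declare it as taking `const tor_tls_t *` and drop the cast. Separately, `peercert` is now a pointer borrowed from `peer` rather than an owned reference, and judging by the replaced `X509_free(peercert)` it is released through `tor_x509_cert_free(peer)`. A comment at `X509 *peercert = peer->cert;` such as `/* borrowed from peer; freed with peer below, do not X509_free() */` would guard against a later double free in this link-key check. The function body continues past the end of the hunk.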




