diff --git a/changes/bug4360 b/changes/bug4360
new file mode 100644
index 0000000000..93afa8204d
--- /dev/null
+++ b/changes/bug4360
@@ -0,0 +1,3 @@
+ o Code simplification and refactoring:
+ - Use the name "CERTS" consistently to refer to the new cell type;
+ we were calling it CERT in some places and CERTS in others.
diff --git a/src/or/command.c b/src/or/command.c
index 535c2ef435..023f2bead5 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -49,7 +49,7 @@ uint64_t stats_n_netinfo_cells_processed = 0;
/** How many CELL_VPADDING cells have we received, ever? */
uint64_t stats_n_vpadding_cells_processed = 0;
/** How many CELL_CERTS cells have we received, ever? */
-uint64_t stats_n_cert_cells_processed = 0;
+uint64_t stats_n_certs_cells_processed = 0;
/** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
uint64_t stats_n_auth_challenge_cells_processed = 0;
/** How many CELL_AUTHENTICATE cells have we received, ever? */
@@ -63,7 +63,7 @@ static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn);
static void command_process_versions_cell(var_cell_t *cell,
or_connection_t *conn);
static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn);
-static void command_process_cert_cell(var_cell_t *cell,
+static void command_process_certs_cell(var_cell_t *cell,
or_connection_t *conn);
static void command_process_auth_challenge_cell(var_cell_t *cell,
or_connection_t *conn);
@@ -214,19 +214,19 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
#ifdef KEEP_TIMING_STATS
/* how many of each cell have we seen so far this second? needs better
* name. */
- static int num_versions=0, num_cert=0;
+ static int num_versions=0, num_certs=0;
time_t now = time(NULL);
if (now > current_second) { /* the second has rolled over */
/* print stats */
log_info(LD_OR,
- "At end of second: %d versions (%d ms), %d cert (%d ms)",
+ "At end of second: %d versions (%d ms), %d certs (%d ms)",
num_versions, versions_time/1000,
- cert, cert_time/1000);
+ num_certs, certs_time/1000);
- num_versions = num_cert = 0;
- versions_time = cert_time = 0;
+ num_versions = num_certs = 0;
+ versions_time = certs_time = 0;
/* remember which second it is, for next time */
current_second = now;
@@ -293,9 +293,9 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
++stats_n_vpadding_cells_processed;
/* Do nothing */
break;
- case CELL_CERT:
- ++stats_n_cert_cells_processed;
- PROCESS_CELL(cert, cell, conn);
+ case CELL_CERTS:
+ ++stats_n_certs_cells_processed;
+ PROCESS_CELL(certs, cell, conn);
break;
case CELL_AUTH_CHALLENGE:
++stats_n_auth_challenge_cells_processed;
@@ -719,8 +719,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
}
}
if (send_certs) {
- if (connection_or_send_cert_cell(conn) < 0) {
- log_warn(LD_OR, "Couldn't send cert cell");
+ if (connection_or_send_certs_cell(conn) < 0) {
+ log_warn(LD_OR, "Couldn't send certs cell");
connection_mark_for_close(TO_CONN(conn));
return;
}
@@ -887,9 +887,9 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
assert_connection_ok(TO_CONN(conn),time(NULL));
}
-/** Process a CERT cell from an OR connection.
+/** Process a CERTS cell from an OR connection.
*
- * If the other side should not have sent us a CERT cell, or the cell is
+ * If the other side should not have sent us a CERTS cell, or the cell is
* malformed, or it is supposed to authenticate the TLS key but it doesn't,
* then mark the connection.
*
@@ -899,12 +899,12 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
* If it's the server side, wait for an AUTHENTICATE cell.
*/
static void
-command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
+command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
{
#define ERR(s) \
do { \
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
- "Received a bad CERT cell from %s:%d: %s", \
+ "Received a bad CERTS cell from %s:%d: %s", \
safe_str(conn->_base.address), conn->_base.port, (s)); \
connection_mark_for_close(TO_CONN(conn)); \
goto err; \
@@ -921,7 +921,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
ERR("We're not doing a v3 handshake!");
if (conn->link_proto < 3)
ERR("We're not using link protocol >= 3");
- if (conn->handshake_state->received_cert_cell)
+ if (conn->handshake_state->received_certs_cell)
ERR("We already got one");
if (conn->handshake_state->authenticated) {
/* Should be unreachable, but let's make sure. */
@@ -951,7 +951,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
if (!cert) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Received undecodable certificate in CERT cell from %s:%d",
+ "Received undecodable certificate in CERTS cell from %s:%d",
safe_str(conn->_base.address), conn->_base.port);
} else {
if (cert_type == OR_CERT_TYPE_TLS_LINK) {
@@ -1050,7 +1050,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
id_cert = auth_cert = NULL;
}
- conn->handshake_state->received_cert_cell = 1;
+ conn->handshake_state->received_certs_cell = 1;
err:
tor_cert_free(id_cert);
tor_cert_free(link_cert);
@@ -1064,7 +1064,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
* originator of the connection), or it's ill-formed, or we aren't doing a v3
* handshake, mark the connection. If the cell is well-formed but we don't
* want to authenticate, just drop it. If the cell is well-formed *and* we
- * want to authenticate, send an AUTHENTICATE cell. */
+ * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */
static void
command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
{
@@ -1088,7 +1088,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
ERR("We didn't originate this connection");
if (conn->handshake_state->received_auth_challenge)
ERR("We already received one");
- if (! conn->handshake_state->received_cert_cell)
+ if (! conn->handshake_state->received_certs_cell)
ERR("We haven't gotten a CERTS cell yet");
if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
ERR("It was too short");
@@ -1146,7 +1146,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
* If it's ill-formed or we weren't supposed to get one or we're not doing a
* v3 handshake, then mark the connection. If it does not authenticate the
* other side of the connection successfully (because it isn't signed right,
- * we didn't get a CERT cell, etc) mark the connection. Otherwise, accept
+ * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
* the identity of the router on the other side of the connection.
*/
static void
@@ -1177,8 +1177,8 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
/* Should be impossible given other checks */
ERR("The peer is already authenticated");
}
- if (! conn->handshake_state->received_cert_cell)
- ERR("We never got a cert cell");
+ if (! conn->handshake_state->received_certs_cell)
+ ERR("We never got a certs cell");
if (conn->handshake_state->auth_cert == NULL)
ERR("We never got an authentication certificate");
if (conn->handshake_state->id_cert == NULL)
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 320d8cb501..cce99e4d65 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1435,7 +1435,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
* side of conn is peer_id. For v1 and v2 handshakes,
* this is right after we get a certificate chain in a TLS handshake
* or renegotiation. For v3 handshakes, this is right after we get a
- * certificate chain in a CERT cell.
+ * certificate chain in a CERTS cell.
*
* If we want any particular ID before, record the one we got.
*
@@ -1954,10 +1954,10 @@ connection_or_send_netinfo(or_connection_t *conn)
return 0;
}
-/** Send a CERT cell on the connection conn. Return 0 on success, -1
+/** Send a CERTS cell on the connection conn. Return 0 on success, -1
* on failure. */
int
-connection_or_send_cert_cell(or_connection_t *conn)
+connection_or_send_certs_cell(or_connection_t *conn)
{
const tor_cert_t *link_cert = NULL, *id_cert = NULL;
const uint8_t *link_encoded = NULL, *id_encoded = NULL;
@@ -1981,7 +1981,7 @@ connection_or_send_cert_cell(or_connection_t *conn)
2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
link_len + id_len;
cell = var_cell_new(cell_len);
- cell->command = CELL_CERT;
+ cell->command = CELL_CERTS;
cell->payload[0] = 2;
pos = 1;
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index df009ab39e..62a15b1cf2 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -69,7 +69,7 @@ int connection_or_send_destroy(circid_t circ_id, or_connection_t *conn,
int reason);
int connection_or_send_versions(or_connection_t *conn, int v3_plus);
int connection_or_send_netinfo(or_connection_t *conn);
-int connection_or_send_cert_cell(or_connection_t *conn);
+int connection_or_send_certs_cell(or_connection_t *conn);
int connection_or_send_auth_challenge_cell(or_connection_t *conn);
int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
uint8_t *out, size_t outlen,
diff --git a/src/or/or.h b/src/or/or.h
index e4f9b9b2b6..259ae5c989 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -826,7 +826,7 @@ typedef enum {
#define CELL_RELAY_EARLY 9
#define CELL_VPADDING 128
-#define CELL_CERT 129
+#define CELL_CERTS 129
#define CELL_AUTH_CHALLENGE 130
#define CELL_AUTHENTICATE 131
@@ -1088,10 +1088,10 @@ typedef struct listener_connection_t {
#define OR_AUTH_CHALLENGE_LEN 32
/**
- * @name Certificate types for CERT cells.
+ * @name Certificate types for CERTS cells.
*
* These values are defined by the protocol, and affect how an X509
- * certificate in a CERT cell is interpreted and used.
+ * certificate in a CERTS cell is interpreted and used.
*
* @{ */
/** A certificate that authenticates a TLS link key. The subject key
@@ -1137,8 +1137,8 @@ typedef struct or_handshake_state_t {
unsigned int received_versions : 1;
/** True iff we have received and processed an AUTH_CHALLENGE cell */
unsigned int received_auth_challenge : 1;
- /** True iff we have received and processed a CERT cell. */
- unsigned int received_cert_cell : 1;
+ /** True iff we have received and processed a CERTS cell. */
+ unsigned int received_certs_cell : 1;
/** True iff we have received and processed an AUTHENTICATE cell */
unsigned int received_authenticate : 1;
@@ -1171,7 +1171,7 @@ typedef struct or_handshake_state_t {
crypto_digest_env_t *digest_received;
/** @} */
- /** Certificates that a connection initiator sent us in a CERT cell; we're
+ /** Certificates that a connection initiator sent us in a CERTS cell; we're
* holding on to them until we get an AUTHENTICATE cell.
*
* @{