From 6505d529a5cc669ee723d818a614fe7663e5c0ea Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Wed, 7 Oct 2015 10:10:08 -0400
Subject: [PATCH] Remove client-side support for detecting v1 handshake
Fixes more of 11150
---
 src/common/tortls.c | 22 +++-------------------
 src/or/connection_or.c | 7 +++----
 2 files changed, 6 insertions(+), 23 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62d8cab50f..4321330708 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1941,25 +1941,9 @@ tor_tls_finish_handshake(tor_tls_t *tls)
 tls->wasV2Handshake = 0;
 }
 } else {
-#if 1111
- /* XXXXXXXX remove v1 detection support, NM! */
- /* If we got no ID cert, we're a v2 handshake. */
- X509 *cert = SSL_get_peer_certificate(tls->ssl);
- STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
- int n_certs = sk_X509_num(chain);
- if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
- log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " "looks like a v1 handshake on %p", tls);
- tls->wasV2Handshake = 0;
- } else {
- log_debug(LD_HANDSHAKE, "Server sent back a single certificate; looks like " "a v2 handshake on %p.", tls);
- tls->wasV2Handshake = 1;
- }
- if (cert)
- X509_free(cert);
-#endif
+ /* Client-side */
+ tls->wasV2Handshake = 1;
+ /* XXXX this can move, probably? -NM */
 if (SSL_set_cipher_list(tls->ssl, SERVER_CIPHER_LIST) == 0) {
 tls_log_errors(NULL, LOG_WARN, LD_HANDSHAKE, "re-setting ciphers");
 r = TOR_TLS_ERROR_MISC;
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 8e12aa0cea..c08dc4bd12 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
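Review bot: The new non-server branch hard-codes `tls->wasV2Handshake = 1` with only `/* Client-side */` to explain it, so a reader no longer sees that v1 peers are now assumed away rather than detected, nor where a v1-only peer will fail instead. A comment along the lines of `/* Client-side: v1 handshake detection has been removed, so every connection we initiate is treated as v2/v3; a peer that only speaks v1 will presumably fail later at link-protocol negotiation rather than here. */` would record that decision next to the assignment. The leftover `/* XXXX this can move, probably? -NM */` above the SSL_set_cipher_list() call is a note-to-self that should be resolved or turned into a ticket reference before merging. tor_tls_finish_handshake() starts and ends outside the hunk.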
@@ -1783,11 +1783,10 @@ connection_tls_finish_handshake(or_connection_t *conn)
 circuit_build_times_network_is_live(get_circuit_build_times_mutable());
 if (tor_tls_used_v1_handshake(conn->tls)) {
+ tor_assert(!started_here);
 conn->link_proto = 1;
- if (!started_here) {
- connection_or_init_conn_from_address(conn, &conn->base_.addr,
- conn->base_.port, digest_rcvd, 0);
- }
+ connection_or_init_conn_from_address(conn, &conn->base_.addr,
+ conn->base_.port, digest_rcvd, 0);
 tor_tls_block_renegotiation(conn->tls);
 rep_hist_note_negotiated_link_proto(1, started_here);
 return connection_or_set_state_open(conn);
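Review bot: The added `tor_assert(!started_here)` turns a peer-influenced handshake state into a process abort: tor_assert presumably aborts on failure (its definition is not in the hunk), and whether `tor_tls_used_v1_handshake()` can be true on a connection we initiated now rests on the tortls.c change in this same commit setting wasV2Handshake to 1 unconditionally on the client side, an invariant maintained in another file. If any other code path ever leaves wasV2Handshake clear on an outgoing connection, a hostile relay would get a client crash rather than a closed connection. If connection_tls_finish_handshake() has a failure return like the rest of the connection code (its body starts and ends outside the hunk), a defensive `if (started_here) { log_warn(LD_BUG, "v1 handshake on a connection we initiated"); return -1; }` using the same failure value as its other error paths would be the safer shape. With started_here now known to be 0 in this branch, `rep_hist_note_negotiated_link_proto(1, started_here)` could also pass `0` explicitly so the invariant is visible at the call site.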