diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index b2ce7220eb..052da67632 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1008,7 +1008,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
                    safe_str_client(conn->_base.address);
   const char *conn_type = started_here ? "outgoing" : "incoming";
   crypto_pk_env_t *our_identity =
-    started_here ? get_client_identity_key() :
+    started_here ? get_tlsclient_identity_key() :
                    get_server_identity_key();
   int has_cert = 0, has_identity=0;
 
diff --git a/src/or/main.c b/src/or/main.c
index 927e931b9a..9bdbbc17a6 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -932,7 +932,7 @@ run_scheduled_events(time_t now)
   if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
     log_info(LD_GENERAL,"Rotating tls context.");
     if (tor_tls_context_init(public_server_mode(options),
-                             get_client_identity_key(),
+                             get_tlsclient_identity_key(),
                              is_server ? get_server_identity_key() : NULL,
                              MAX_SSL_KEY_LIFETIME) < 0) {
       log_warn(LD_BUG, "Error reinitializing TLS context");
diff --git a/src/or/router.c b/src/or/router.c
index a256970f90..a2adfe155e 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -163,11 +163,11 @@ set_client_identity_key(crypto_pk_env_t *k)
   client_identitykey = k;
 }
 
-/** Returns the current client identity key; requires that the key has
- * been set.
+/** Returns the current client identity key for use on outgoing TLS
+ * connections; requires that the key has been set.
  */
 crypto_pk_env_t *
-get_client_identity_key(void)
+get_tlsclient_identity_key(void)
 {
   tor_assert(client_identitykey);
   return client_identitykey;
@@ -503,7 +503,7 @@ init_keys(void)
     set_client_identity_key(prkey);
     /* Create a TLS context. */
     if (tor_tls_context_init(0,
-                             get_client_identity_key(),
+                             get_tlsclient_identity_key(),
                              NULL,
                              MAX_SSL_KEY_LIFETIME) < 0) {
       log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
@@ -599,7 +599,7 @@ init_keys(void)
 
   /* 3. Initialize link key and TLS context. */
   if (tor_tls_context_init(public_server_mode(options),
-                           get_client_identity_key(),
+                           get_tlsclient_identity_key(),
                            get_server_identity_key(),
                            MAX_SSL_KEY_LIFETIME) < 0) {
     log_err(LD_GENERAL,"Error initializing TLS context");
diff --git a/src/or/router.h b/src/or/router.h
index 125fa653d6..c5e7987dd6 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -18,7 +18,7 @@ void set_server_identity_key(crypto_pk_env_t *k);
 crypto_pk_env_t *get_server_identity_key(void);
 int server_identity_key_is_set(void);
 void set_client_identity_key(crypto_pk_env_t *k);
-crypto_pk_env_t *get_client_identity_key(void);
+crypto_pk_env_t *get_tlsclient_identity_key(void);
 int client_identity_key_is_set(void);
 authority_cert_t *get_my_v3_authority_cert(void);
 crypto_pk_env_t *get_my_v3_authority_signing_key(void);