From e5bdfd66cf03e8410c511f6dcf309142c64c85f5 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 5 Jun 2017 09:35:55 -0400
Subject: [PATCH] Make code more clear about own_link_cert safety

It's okay to call add_ed25519_cert with a NULL argument: so,
document that.  Also, add a tor_assert_nonfatal() to catch any case
where we have failed to set own_link_cert when conn_in_server_mode.
---
 src/or/connection_or.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 0966ec8acb..9c806d1be9 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2238,7 +2238,8 @@ add_certs_cell_cert_helper(certs_cell_t *certs_cell,
 
 /** Add an encoded X509 cert (stored as <b>cert_len</b> bytes at
  * <b>cert_encoded</b>) to the trunnel certs_cell_t object that we are
- * building in <b>certs_cell</b>.  Set its type field to <b>cert_type</b>. */
+ * building in <b>certs_cell</b>.  Set its type field to <b>cert_type</b>.
+ * (If <b>cert</b> is NULL, take no action.) */
 static void
 add_x509_cert(certs_cell_t *certs_cell,
               uint8_t cert_type,
@@ -2256,7 +2257,7 @@ add_x509_cert(certs_cell_t *certs_cell,
 
 /** Add an Ed25519 cert from <b>cert</b> to the trunnel certs_cell_t object
  * that we are building in <b>certs_cell</b>.  Set its type field to
- * <b>cert_type</b>. */
+ * <b>cert_type</b>. (If <b>cert</b> is NULL, take no action.) */
 static void
 add_ed25519_cert(certs_cell_t *certs_cell,
                  uint8_t cert_type,
@@ -2313,6 +2314,7 @@ connection_or_send_certs_cell(or_connection_t *conn)
                    CERTTYPE_ED_ID_SIGN,
                    get_master_signing_key_cert());
   if (conn_in_server_mode) {
+    tor_assert_nonfatal(conn->handshake_state->own_link_cert);
     add_ed25519_cert(certs_cell,
                      CERTTYPE_ED_SIGN_LINK,
                      conn->handshake_state->own_link_cert);