|  | @@ -2229,33 +2229,43 @@ int
 | 
	
		
			
				|  |  |  tor_tls_received_v3_certificate(tor_tls_t *tls)
 | 
	
		
			
				|  |  |  {
 | 
	
		
			
				|  |  |    X509 *cert = SSL_get_peer_certificate(tls->ssl);
 | 
	
		
			
				|  |  | -  EVP_PKEY *key;
 | 
	
		
			
				|  |  | +  EVP_PKEY *key = NULL;
 | 
	
		
			
				|  |  |    X509_NAME *issuer_name, *subject_name;
 | 
	
		
			
				|  |  | +  int is_v3 = 0;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |    if (!cert) {
 | 
	
		
			
				|  |  |      log_warn(LD_BUG, "Called on a connection with no peer certificate");
 | 
	
		
			
				|  |  | -    return 0;
 | 
	
		
			
				|  |  | +    goto done;
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |    subject_name = X509_get_subject_name(cert);
 | 
	
		
			
				|  |  |    issuer_name = X509_get_issuer_name(cert);
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -  if (X509_name_cmp(subject_name, issuer_name) == 0)
 | 
	
		
			
				|  |  | -    return 1; /* purportedly self signed */
 | 
	
		
			
				|  |  | +  if (X509_name_cmp(subject_name, issuer_name) == 0) {
 | 
	
		
			
				|  |  | +    is_v3 = 1; /* purportedly self signed */
 | 
	
		
			
				|  |  | +    goto done;
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |    if (dn_indicates_v3_cert(subject_name) ||
 | 
	
		
			
				|  |  | -      dn_indicates_v3_cert(issuer_name))
 | 
	
		
			
				|  |  | -    return 1; /* DN is fancy */
 | 
	
		
			
				|  |  | +      dn_indicates_v3_cert(issuer_name)) {
 | 
	
		
			
				|  |  | +    is_v3 = 1; /* DN is fancy */
 | 
	
		
			
				|  |  | +    goto done;
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |    key = X509_get_pubkey(cert);
 | 
	
		
			
				|  |  |    if (EVP_PKEY_bits(key) != 1024 ||
 | 
	
		
			
				|  |  |        EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
 | 
	
		
			
				|  |  | -    EVP_PKEY_free(key);
 | 
	
		
			
				|  |  | -    return 1; /* Key is fancy */
 | 
	
		
			
				|  |  | +    is_v3 = 1; /* Key is fancy */
 | 
	
		
			
				|  |  | +    goto done;
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -  EVP_PKEY_free(key);
 | 
	
		
			
				|  |  | -  return 0;
 | 
	
		
			
				|  |  | + done:
 | 
	
		
			
				|  |  | +  if (key)
 | 
	
		
			
				|  |  | +    EVP_PKEY_free(key);
 | 
	
		
			
				|  |  | +  if (cert)
 | 
	
		
			
				|  |  | +    X509_free(cert);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  return is_v3;
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  /** Return the number of server handshakes that we've noticed doing on
 |