authorlloyd <[email protected]>2012-09-07 19:48:38 +0000
committerlloyd <[email protected]>2012-09-07 19:48:38 +0000
commitb6413e5caa243c069525ed35b5affb24f64dab8d (patch)
tree85335722ab37d9182c3553649677f7030c2aa540
parent121af24187205a5c4c3f816c0abb53c399255026 (diff)
Avoid another instance of pulling the key out of the certificate
-rw-r--r--src/tls/msg_client_kex.cpp12
-rw-r--r--src/tls/tls_client.cpp2
-rw-r--r--src/tls/tls_messages.h2
3 files changed, 7 insertions, 9 deletions
diff --git a/src/tls/msg_client_kex.cpp b/src/tls/msg_client_kex.cpp
index d129969a9..b5539d550 100644
--- a/src/tls/msg_client_kex.cpp
+++ b/src/tls/msg_client_kex.cpp
@@ -51,7 +51,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
Handshake_State& state,
const Policy& policy,
Credentials_Manager& creds,
- const std::vector<X509_Certificate>& peer_certs,
+ const Public_Key* server_public_key,
const std::string& hostname,
RandomNumberGenerator& rng)
{
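Review bot: The new `const Public_Key* server_public_key` parameter is a raw pointer whose ownership and nullability are not documented, either in this definition or in the matching declaration in tls_messages.h. The later hunk shows that null is an expected value (the RSA branch throws `Internal_Error` for it), and the call site in tls_client.cpp passes `state.server_public_key.get()`, so it appears to be a borrowed pointer. A comment on the declaration would record that contract, for example `// server_public_key: borrowed, may be null if the server sent no certificate; presumably not retained after construction`. The constructor body continues outside this hunk, so whether the pointer is stored anywhere should be confirmed against the full function.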
@@ -232,12 +232,10 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
if(kex_algo != "RSA")
throw Unexpected_Message("No server kex but negotiated kex " + kex_algo);
- if(peer_certs.empty())
- throw Internal_Error("No certificate and no server key exchange");
+ if(!server_public_key)
+ throw Internal_Error("No server public key for RSA exchange");
- std::unique_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key());
-
- if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key.get()))
+ if(auto rsa_pub = dynamic_cast<const RSA_PublicKey*>(server_public_key))
{
const Protocol_Version offered_version = state.client_hello()->version();
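Review bot: The `if(!server_public_key)` check only establishes that some key was passed in, not that it is the key of the certificate the client accepted for this handshake. Before this change the key was read from `peer_certs[0]` at this point; now the link between the RSA key and the certificate chain is the caller's responsibility. The assignment of `state.server_public_key` is not visible in this diff, so confirm that it is set only from the server's leaf certificate after verification and that it cannot carry over from an earlier handshake state. A comment above the check would keep the requirement visible, for example `// server_public_key must be the key from the server certificate verified for this handshake`. As a style point, `if(const auto* rsa_pub = dynamic_cast<...>(...))` would keep the pointer type and constness explicit, as the removed line did. The enclosing constructor starts and ends outside this hunk.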
@@ -257,7 +255,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
else
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
"Expected a RSA key in server cert but got " +
- pub_key->algo_name());
+ server_public_key->algo_name());
}
state.hash().update(io.send(*this));
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index a3b817c32..62aceda2e 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -399,7 +399,7 @@ void Client::process_handshake_msg(const Handshake_State* /*active_state*/,
state,
m_policy,
m_creds,
- m_peer_certs,
+ state.server_public_key.get(),
m_hostname,
m_rng)
);
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 5a9363669..b37d630f8 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -240,7 +240,7 @@ class Client_Key_Exchange : public Handshake_Message
Handshake_State& state,
const Policy& policy,
Credentials_Manager& creds,
- const std::vector<X509_Certificate>& peer_certs,
+ const Public_Key* server_public_key,
const std::string& hostname,
RandomNumberGenerator& rng);