1 | =pod
|
---|
2 |
|
---|
3 | =head1 NAME
|
---|
4 |
|
---|
5 | SSL_get_peer_certificate,
|
---|
6 | SSL_get0_peer_certificate,
|
---|
7 | SSL_get1_peer_certificate - get the X509 certificate of the peer
|
---|
8 |
|
---|
9 | =head1 SYNOPSIS
|
---|
10 |
|
---|
11 | #include <openssl/ssl.h>
|
---|
12 |
|
---|
13 | X509 *SSL_get0_peer_certificate(const SSL *ssl);
|
---|
14 | X509 *SSL_get1_peer_certificate(const SSL *ssl);
|
---|
15 |
|
---|
16 | The following function has been deprecated since OpenSSL 3.0,
|
---|
17 | and can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable
|
---|
18 | version value, see L<openssl_user_macros(7)>:
|
---|
19 |
|
---|
20 | X509 *SSL_get_peer_certificate(const SSL *ssl);
|
---|
21 |
|
---|
22 | =head1 DESCRIPTION
|
---|
23 |
|
---|
24 | These functions return a pointer to the X509 certificate the
|
---|
25 | peer presented. If the peer did not present a certificate, NULL is returned.
|
---|
26 |
|
---|
27 | =head1 NOTES
|
---|
28 |
|
---|
29 | Due to the protocol definition, a TLS/SSL server will always send a
|
---|
30 | certificate, if present. A client will only send a certificate when
|
---|
31 | explicitly requested to do so by the server (see
|
---|
32 | L<SSL_CTX_set_verify(3)>). If an anonymous cipher
|
---|
33 | is used, no certificates are sent.
|
---|
34 |
|
---|
35 | That a certificate is returned does not indicate information about the
|
---|
36 | verification state, use L<SSL_get_verify_result(3)>
|
---|
37 | to check the verification state.
|
---|
38 |
|
---|
39 | The reference count of the X509 object returned by SSL_get1_peer_certificate()
|
---|
40 | is incremented by one, so that it will not be destroyed when the session
|
---|
41 | containing the peer certificate is freed. The X509 object must be explicitly
|
---|
42 | freed using X509_free().
|
---|
43 |
|
---|
44 | The reference count of the X509 object returned by SSL_get0_peer_certificate()
|
---|
45 | is not incremented, and must not be freed.
|
---|
46 |
|
---|
47 | SSL_get_peer_certificate() is an alias of SSL_get1_peer_certificate().
|
---|
48 |
|
---|
49 | =head1 RETURN VALUES
|
---|
50 |
|
---|
51 | The following return values can occur:
|
---|
52 |
|
---|
53 | =over 4
|
---|
54 |
|
---|
55 | =item NULL
|
---|
56 |
|
---|
57 | No certificate was presented by the peer or no connection was established.
|
---|
58 |
|
---|
59 | =item Pointer to an X509 certificate
|
---|
60 |
|
---|
61 | The return value points to the certificate presented by the peer.
|
---|
62 |
|
---|
63 | =back
|
---|
64 |
|
---|
65 | =head1 SEE ALSO
|
---|
66 |
|
---|
67 | L<ssl(7)>, L<SSL_get_verify_result(3)>,
|
---|
68 | L<SSL_CTX_set_verify(3)>
|
---|
69 |
|
---|
70 | =head1 HISTORY
|
---|
71 |
|
---|
72 | SSL_get0_peer_certificate() and SSL_get1_peer_certificate() were added in 3.0.0.
|
---|
73 | SSL_get_peer_certificate() was deprecated in 3.0.0.
|
---|
74 |
|
---|
75 | =head1 COPYRIGHT
|
---|
76 |
|
---|
77 | Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
---|
78 |
|
---|
79 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
---|
80 | this file except in compliance with the License. You can obtain a copy
|
---|
81 | in the file LICENSE in the source distribution or at
|
---|
82 | L<https://www.openssl.org/source/license.html>.
|
---|
83 |
|
---|
84 | =cut
|
---|