- Added ssl_get_peer_cert() to SSL API

2025-10-30 11:11:12 -04:00 · 2012-10-30 07:51:03 +00:00 · 2012-10-30 07:51:03 +00:00 · b0550d90c9
commit b0550d90c9
parent d2c167e9a8
5 changed files with 29 additions and 5 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -928,6 +928,22 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
 */
 const char *ssl_get_version( const ssl_context *ssl );

+/**
+ * \brief          Return the peer certificate from the current connection
+ *
+ *                 Note: Can be NULL in case no certificate was sent during
+ *                 the handshake. Different calls for the same connection can
+ *                 return the same or different pointers for the same
+ *                 certificate and even a different certificate altogether.
+ *                 The peer cert CAN change in a single connection if
+ *                 renegotiation is performed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         the current peer certificate
+ */
+const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
+
 /**
 * \brief          Perform the SSL handshake
 *
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3405,6 +3405,14 @@ const char *ssl_get_version( const ssl_context *ssl )
    return( "unknown" );
 }

+const x509_cert *ssl_get_peer_cert( const ssl_context *ssl )
+{
+    if( ssl == NULL || ssl->session == NULL )
+        return NULL;
+
+    return ssl->session->peer_cert;
+}
+
 const int ssl_default_ciphersuites[] =
 {
 #if defined(POLARSSL_DHM_C)
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -539,7 +539,7 @@ int main( int argc, char *argv[] )

    printf( "  . Peer certificate information    ...\n" );
    x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                         ssl.session->peer_cert );
+                         ssl_get_peer_cert( &ssl ) );
    printf( "%s\n", buf );

    /*
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@ -172,7 +172,7 @@ int do_handshake( ssl_context *ssl, struct options *opt )

    printf( "  . Peer certificate information    ...\n" );
    x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                         ssl->session->peer_cert );
+                         ssl_get_peer_cert( &ssl ) );
    printf( "%s\n", buf );

    return( 0 );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -501,7 +501,7 @@ reset:
    {
        printf( " failed\n" );

-        if( !ssl.session->peer_cert )
+        if( !ssl_get_peer_cert( &ssl ) )
            printf( "  ! no client certificate sent\n" );

        if( ( ret & BADCERT_EXPIRED ) != 0 )
@ -518,11 +518,11 @@ reset:
    else
        printf( " ok\n" );

-    if( ssl.session->peer_cert )
+    if( ssl_get_peer_cert( &ssl ) )
    {
        printf( "  . Peer certificate information    ...\n" );
        x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                             ssl.session->peer_cert );
+                             ssl_get_peer_cert( &ssl ) );
        printf( "%s\n", buf );
    }