SSL_get_certificate.pod 2.3 KB

=pod

=head1 NAME

SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
private key

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 X509 *SSL_get_certificate(const SSL *s);
 EVP_PKEY *SSL_get_privatekey(const SSL *s);

=head1 DESCRIPTION

SSL_get_certificate() returns a pointer to an B<X509> object representing a
certificate used as the local peer's identity.

Multiple certificates can be configured; for example, a server might have both
RSA and ECDSA certificates. The certificate which is returned by
SSL_get_certificate() is determined as follows:

=over 4

=item

If it is called before certificate selection has occurred, it returns the most
recently added certificate, or NULL if no certificate has been added.

=item

After certificate selection has occurred, it returns the certificate which was
selected during the handshake, or NULL if no certificate was selected (for
example, on a client where no client certificate is in use).

=back

Certificate selection occurs during the handshake; therefore, the value returned
by SSL_get_certificate() during any callback made during the handshake process
will depend on whether that callback is made before or after certificate
selection occurs.

A specific use for SSL_get_certificate() is inside a callback set via a call to
L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
selection, where it can be used to examine a server's chosen certificate, for
example for the purpose of identifying a certificate's OCSP responder URL so
that an OCSP response can be obtained.

SSL_get_privatekey() returns a pointer to the B<EVP_PKEY> object corresponding
to the certificate returned by SSL_get_certificate(), if any.

=head1 RETURN VALUES

These functions return pointers to their respective objects, or NULL if no such
object is available. Returned objects are owned by the SSL object and should not
be freed by users of these functions.

=head1 SEE ALSO

L<ssl(7)>, L<SSL_CTX_set_tlsext_status_cb(3)>

=head1 COPYRIGHT

Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut