Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 8f56d0604c
Branches Tags
openssl
/
doc
/
man3
/
SSL_get_certificate.pod

SSL_get_certificate.pod 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
    6. 

  6. private key
    7. 

  7. 

  8. =head1 SYNOPSIS
    9. 

  9. 

  10.  #include <openssl/ssl.h>
    11. 

  11. 

  12.  X509 *SSL_get_certificate(const SSL *s);
    13. 

  13.  EVP_PKEY *SSL_get_privatekey(const SSL *s);
    14. 

  14. 

  15. =head1 DESCRIPTION
    16. 

  16. 

  17. SSL_get_certificate() returns a pointer to an B<X509> object representing a
    18. 

  18. certificate used as the local peer's identity.
    19. 

  19. 

  20. Multiple certificates can be configured; for example, a server might have both
    21. 

  21. RSA and ECDSA certificates. The certificate which is returned by
    22. 

  22. SSL_get_certificate() is determined as follows:
    23. 

  23. 

  24. =over 4
    25. 

  25. 

  26. =item
    27. 

  27. 

  28. If it is called before certificate selection has occurred, it returns the most
    29. 

  29. recently added certificate, or NULL if no certificate has been added.
    30. 

  30. 

  31. =item
    32. 

  32. 

  33. After certificate selection has occurred, it returns the certificate which was
    34. 

  34. selected during the handshake, or NULL if no certificate was selected (for
    35. 

  35. example, on a client where no client certificate is in use).
    36. 

  36. 

  37. =back
    38. 

  38. 

  39. Certificate selection occurs during the handshake; therefore, the value returned
    40. 

  40. by SSL_get_certificate() during any callback made during the handshake process
    41. 

  41. will depend on whether that callback is made before or after certificate
    42. 

  42. selection occurs.
    43. 

  43. 

  44. A specific use for SSL_get_certificate() is inside a callback set via a call to
    45. 

  45. L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
    46. 

  46. selection, where it can be used to examine a server's chosen certificate, for
    47. 

  47. example for the purpose of identifying a certificate's OCSP responder URL so
    48. 

  48. that an OCSP response can be obtained.
    49. 

  49. 

  50. SSL_get_privatekey() returns a pointer to the B<EVP_PKEY> object corresponding
    51. 

  51. to the certificate returned by SSL_get_certificate(), if any.
    52. 

  52. 

  53. =head1 RETURN VALUES
    54. 

  54. 

  55. These functions return pointers to their respective objects, or NULL if no such
    56. 

  56. object is available. Returned objects are owned by the SSL object and should not
    57. 

  57. be freed by users of these functions.
    58. 

  58. 

  59. =head1 SEE ALSO
    60. 

  60. 

  61. L<ssl(7)>, L<SSL_CTX_set_tlsext_status_cb(3)>
    62. 

  62. 

  63. =head1 COPYRIGHT
    64. 

  64. 

  65. Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
    66. 

  66. 

  67. Licensed under the Apache License 2.0 (the "License").  You may not use
    68. 

  68. this file except in compliance with the License.  You can obtain a copy
    69. 

  69. in the file LICENSE in the source distribution or at
    70. 

  70. L<https://www.openssl.org/source/license.html>.
    71. 

  71. 

  72. =cut
    73. 

  73.