SSL_GET_PEER_CERTIFICATE(3) OpenSSL SSL_GET_PEER_CERTIFICATE(3)
SSL_get_peer_certificate - get the X509 certificate of the peer
    #include <openssl/ssl.h>

    X509 *SSL_get_peer_certificate(const SSL *ssl);
SSL_get_peer_certificate() returns a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, NULL is returned.
Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see SSL_CTX_set_verify(3)). If an anonymous cipher is used, no certificates are sent.

That a certificate is returned does not indicate anything about the verification state; use SSL_get_verify_result(3) to check the verification state.

The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().
The following return values can occur:

NULL
    No certificate was presented by the peer or no connection was established.

Pointer to an X509 certificate
    The return value points to the certificate presented by the peer.
ssl(3), SSL_get_verify_result(3), SSL_CTX_set_verify(3)

MirBSD #10-current 2005-04-29