NAME
SSL_get_peer_cert_chain
—
get the X509 certificate chain sent by
the peer
SYNOPSIS
#include
<openssl/ssl.h>
STACK_OF(X509) *
SSL_get_peer_cert_chain
(const
SSL *ssl);
DESCRIPTION
SSL_get_peer_cert_chain
()
returns a pointer to
STACK_OF
(X509) certificates
forming the certificate chain of the peer. If called on the client side, the
stack also contains the peer's certificate; if called on the server side, the
peer's certificate must be obtained separately using
SSL_get_peer_certificate(3). If the peer did not present a
certificate, NULL
is returned.
SSL_get_peer_cert_chain
()
returns the peer chain as sent by the peer: it only consists of certificates
the peer has sent (in the order the peer has sent them) and it is not a
verified chain.
If the session is resumed, peers do not
send certificates, so a NULL
pointer is returned.
Applications can call
SSL_session_reused
()
to determine whether a session is resumed.
The reference count of the
STACK_OF
(X509) object is not
incremented. If the corresponding session is freed, the pointer must not be
used any longer.
RETURN VALUES
The following return values can occur:
NULL
- No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused.
- Pointer to a
STACK_OF
(X509) - The return value points to the certificate chain presented by the peer.
SEE ALSO
HISTORY
SSL_get_peer_cert_chain
() first appeared
in SSLeay 0.8.0 and has been available since OpenBSD
2.4.