- Added ssl_get_peer_cert() to SSL API
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 3c812f2..8a1c19d 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -929,6 +929,22 @@
const char *ssl_get_version( const ssl_context *ssl );
/**
+ * \brief Return the peer certificate from the current connection
+ *
+ * Note: Can be NULL in case no certificate was sent during
+ * the handshake. Different calls for the same connection can
+ * return the same or different pointers for the same
+ * certificate and even a different certificate altogether.
+ * The peer cert CAN change in a single connection if
+ * renegotiation is performed.
+ *
+ * \param ssl SSL context
+ *
+ * \return the current peer certificate
+ */
+const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
+
+/**
* \brief Perform the SSL handshake
*
* \param ssl SSL context
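Review bot: The `\return` line only covers the no-certificate case, but the implementation added in ssl_tls.c also returns NULL when `ssl` or `ssl->session` is NULL, so the header should state that: `\return the current peer certificate, or NULL if no certificate was sent or the context has no session`. Ownership is also left implicit; since the pointer is into `ssl->session`, a sentence such as `The returned pointer is owned by the SSL context and must not be freed by the caller` would prevent misuse, if that is indeed the intended contract.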
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f5fcba4..b63c7d4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3405,6 +3405,14 @@
return( "unknown" );
}
+const x509_cert *ssl_get_peer_cert( const ssl_context *ssl )
+{
+ if( ssl == NULL || ssl->session == NULL )
+ return NULL;
+
+ return ssl->session->peer_cert;
+}
+
const int ssl_default_ciphersuites[] =
{
#if defined(POLARSSL_DHM_C)
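Review bot: The two bare `return NULL;` / `return ssl->session->peer_cert;` statements in ssl_get_peer_cert() do not follow the parenthesised return style used elsewhere in this file, visible in the context line `return( "unknown" );` just above. For consistency write `return( NULL );` and `return( ssl->session->peer_cert );`. Matching the local convention keeps the new function from standing out in the file.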
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index ae98b1b..949ef58 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -539,7 +539,7 @@
printf( " . Peer certificate information ...\n" );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
- ssl.session->peer_cert );
+ ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf );
/*
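Review bot: The new `ssl_get_peer_cert( &ssl )` argument is passed straight into x509parse_cert_info() with no NULL check, although the header added in this commit documents that the function can return NULL when no certificate was sent. Unless x509parse_cert_info() is known to accept NULL (not visible here), guard the call the way the ssl_server2.c hunk does, e.g. `if( ssl_get_peer_cert( &ssl ) != NULL )` around the info block. The code that decides whether this branch is reached lies outside the hunk, so it may already be guarded by an earlier check.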
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index b450030..b303df8 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -172,7 +172,7 @@
printf( " . Peer certificate information ...\n" );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
- ssl->session->peer_cert );
+ ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf );
return( 0 );
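Review bot: `ssl_get_peer_cert( &ssl )` has the wrong argument type here: the removed line dereferenced `ssl->session`, so `ssl` is already an `ssl_context *` in this function, and `&ssl` is an `ssl_context **`. The call should be `ssl_get_peer_cert( ssl )`; as written the compiler should diagnose an incompatible pointer type, and if it is only a warning the function would read the pointer variable's storage as if it were an ssl_context. The enclosing function starts outside the hunk, so the parameter declaration itself is not visible, but the old line makes the pointer-ness clear.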
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5076be3..3e2c35e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -501,7 +501,7 @@
{
printf( " failed\n" );
- if( !ssl.session->peer_cert )
+ if( !ssl_get_peer_cert( &ssl ) )
printf( " ! no client certificate sent\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
@@ -518,11 +518,11 @@
else
printf( " ok\n" );
- if( ssl.session->peer_cert )
+ if( ssl_get_peer_cert( &ssl ) )
{
printf( " . Peer certificate information ...\n" );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
- ssl.session->peer_cert );
+ ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf );
}
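Review bot: ssl_get_peer_cert( &ssl ) is called twice in this hunk, once in the `if` and again as the x509parse_cert_info() argument, and the new header text explicitly says consecutive calls may return different pointers. Read it once into a local, `const x509_cert *peer_cert = ssl_get_peer_cert( &ssl );`, then use `if( peer_cert )` and pass `peer_cert` to x509parse_cert_info(), so the check and the use refer to the same object.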