SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and

 #include <openssl/ssl.h>

 X509 *SSL_get_certificate(const SSL *s);
 EVP_PKEY *SSL_get_privatekey(const SSL *s);

SSL_get_certificate() returns a pointer to an B<X509> object representing a
certificate used as the local peer's identity.

Multiple certificates can be configured; for example, a server might have both
RSA and ECDSA certificates. The certificate which is returned by
SSL_get_certificate() is determined as follows:

If it is called before certificate selection has occurred, it returns the most
recently added certificate, or NULL if no certificate has been added.

After certificate selection has occurred, it returns the certificate which was
selected during the handshake, or NULL if no certificate was selected (for
example, on a client where no client certificate is in use).

Certificate selection occurs during the handshake; therefore, the value returned
by SSL_get_certificate() during any callback made during the handshake process
will depend on whether that callback is made before or after certificate

A specific use for SSL_get_certificate() is inside a callback set via a call to
L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
selection, where it can be used to examine a server's chosen certificate, for
example for the purpose of identifying a certificate's OCSP responder URL so
that an OCSP response can be obtained.

SSL_get_privatekey() returns a pointer to the B<EVP_PKEY> object corresponding
to the certificate returned by SSL_get_certificate(), if any.

These functions return pointers to their respective objects, or NULL if no such
object is available. Returned objects are owned by the SSL object and should not
be freed by users of these functions.

L<ssl(7)>, L<SSL_CTX_set_tlsext_status_cb(3)>

Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.