[thirdparty/openssl.git] / doc / ssl / SSL_get_peer_cert_chain.pod

=pod

=head1 NAME

SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
chain of the peer

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
 STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);

=head1 DESCRIPTION

SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates
forming the certificate chain sent by the peer. If called on the client side,
the stack also contains the peer's certificate; if called on the server
side, the peer's certificate must be obtained separately using
L<SSL_get_peer_certificate(3)>.
If the peer did not present a certificate, NULL is returned.

NB: SSL_get_peer_chain() returns the peer chain as sent by the peer: it
only consists of certificates the peer has sent (in the order the peer
has sent them) it is B<not> a verified chain.

SSL_get0_verified_chain() returns the B<verified> certificate chain
of the peer including the peer's end entity certificate. It must be called
after a session has been successfully established. If peer verification was
not successful (as indicated by SSL_get_verify_result() not returning
X509_V_OK) the chain may be incomplete or invalid.

=head1 NOTES

The peer certificate chain is not necessarily available after reusing
a session, in which case a NULL pointer is returned.

The reference count of each certificate in the returned STACK_OF(X509) object
is not incremented and the returned stack may be invalidated by renegotiation.
If applications wish to use any certificates in the returned chain
indefinitely they must increase the reference counts using X509_up_ref() or
obtain a copy of the whole chain with X509_chain_up_ref().

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

No certificate was presented by the peer or no connection was established
or the certificate chain is no longer available when a session is reused.

=item Pointer to a STACK_OF(X509)

The return value points to the certificate chain presented by the peer.

=back

=head1 SEE ALSO

L<ssl(3)>, L<SSL_get_peer_certificate(3)>, L<X509_up_ref(3)>,
L<X509_chain_up_ref(3)>

=cut
Commit	Line	Data
4759abc5 RL	1	=pod
	2
	3	=head1 NAME
	4
696178ed DSH	5	SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
696178ed DSH	6	chain of the peer
4759abc5 RL	7
	8	=head1 SYNOPSIS
	9
	10	#include <openssl/ssl.h>
	11
e5676b83	12	STACK_OF(X509) SSL_get_peer_cert_chain(const SSL ssl);
696178ed	13	STACK_OF(X509) SSL_get0_verified_chain(const SSL ssl);
4759abc5 RL	14
	15	=head1 DESCRIPTION
	16
e5676b83	17	SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates
696178ed	18	forming the certificate chain sent by the peer. If called on the client side,
4759abc5	19	the stack also contains the peer's certificate; if called on the server
52d160d8	20	side, the peer's certificate must be obtained separately using
9b86974e	21	L<SSL_get_peer_certificate(3)>.
4759abc5 RL	22	If the peer did not present a certificate, NULL is returned.
4759abc5 RL	23
696178ed DSH	24	NB: SSL_get_peer_chain() returns the peer chain as sent by the peer: it
	25	only consists of certificates the peer has sent (in the order the peer
	26	has sent them) it is B<not> a verified chain.
	27
	28	SSL_get0_verified_chain() returns the B<verified> certificate chain
	29	of the peer including the peer's end entity certificate. It must be called
	30	after a session has been successfully established. If peer verification was
	31	not successful (as indicated by SSL_get_verify_result() not returning
	32	X509_V_OK) the chain may be incomplete or invalid.
	33
4759abc5 RL	34	=head1 NOTES
	35
	36	The peer certificate chain is not necessarily available after reusing
	37	a session, in which case a NULL pointer is returned.
	38
696178ed DSH	39	The reference count of each certificate in the returned STACK_OF(X509) object
	40	is not incremented and the returned stack may be invalidated by renegotiation.
	41	If applications wish to use any certificates in the returned chain
	42	indefinitely they must increase the reference counts using X509_up_ref() or
	43	obtain a copy of the whole chain with X509_chain_up_ref().
4759abc5 RL	44
	45	=head1 RETURN VALUES
	46
	47	The following return values can occur:
	48
	49	=over 4
	50
	51	=item NULL
	52
	53	No certificate was presented by the peer or no connection was established
	54	or the certificate chain is no longer available when a session is reused.
	55
e5676b83	56	=item Pointer to a STACK_OF(X509)
4759abc5 RL	57
	58	The return value points to the certificate chain presented by the peer.
	59
	60	=back
	61
	62	=head1 SEE ALSO
	63
696178ed DSH	64	L<ssl(3)>, L<SSL_get_peer_certificate(3)>, L<X509_up_ref(3)>,
696178ed DSH	65	L<X509_chain_up_ref(3)>
4759abc5 RL	66
4759abc5 RL	67	=cut