Function to return peer cert as tor_tls_cert

diff --git a/src/common/tortls.c b/src/common/tortls.c
index e27530711441ee78de94bdbbcafe17591720f5f5..aa90f1828d01e4d5355a9f8dc241fded43821bb8 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1856,6 +1856,18 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
   return 1;
 }
 
+/** Return the peer certificate, or NULL if there isn't one. */
+tor_cert_t *
+tor_tls_get_peer_cert(tor_tls_t *tls)
+{
+  X509 *cert;
+  cert = SSL_get_peer_certificate(tls->ssl);
+  tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate");
+  if (!cert)
+    return NULL;
+  return tor_cert_new(cert);
+}
+
 /** Warn that a certificate lifetime extends through a certain range. */
 static void
 log_cert_lifetime(const X509 *cert, const char *problem)

diff --git a/src/common/tortls.h b/src/common/tortls.h
index b522dd112aa7b5118acbdc1fd779d69e6302e271..00bf4066d29c189d8d220556a9f49be96582f0ee 100644 (file)
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -66,6 +66,7 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
 int tor_tls_is_server(tor_tls_t *tls);
 void tor_tls_free(tor_tls_t *tls);
 int tor_tls_peer_has_cert(tor_tls_t *tls);
+tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
 int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity);
 int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance);
 int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);