diff options
| -rw-r--r-- | openssl-sys/src/lib.rs | 1 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 7c68b4fa..353f619f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2240,6 +2240,7 @@ extern "C" { #[cfg(libressl)] pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void; pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509; + pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; pub fn SSL_get_version(ssl: *const SSL) -> *const c_char; pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 9e17ae60..dc0f5448 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1257,6 +1257,21 @@ impl SslRef { } } + /// Returns the certificate chain of the peer, if present. + /// + /// On the client side, the chain includes the leaf certificate, but on the server side it does + /// not. Fun! + pub fn peer_cert_chain(&self) -> Option<&StackRef<X509>> { + unsafe { + let ptr = ffi::SSL_get_peer_cert_chain(self.as_ptr()); + if ptr.is_null() { + None + } else { + Some(StackRef::from_ptr(ptr)) + } + } + } + /// Returns the certificate associated with this `Ssl`, if present. pub fn certificate(&self) -> Option<&X509Ref> { unsafe { |