On Mon, Jul 10, 2017 at 11:19 PM, Jeff Janes <jeff.ja...@gmail.com> wrote:
>
> Is there a way to get libpq to hand over the certificate it gets from the
> server, so I can inspect it with other tools that give better diagnostic
> messages? I've tried to scrape it out of the output of "strace -s8192",
> but since it is binary it is difficult to figure out where it begins and
> ends within the larger server response method.
>

PQgetssl() or PQsslStruct() should give you the required struct from OpenSSL, which you can then use OpenSSL to inspect.

You should be able to use (I think) SSL_get_peer_certificate() to get at it. (this is what libpq does and stores it in ->peer, but that's a private API. But you can see be-secure-openssl.c for some examples)

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>