On Sun, 2 Apr 2017 06:27:45 +0930 Jack Burton <[email protected]> wrote:
> On Sat, 01 Apr 2017 18:22:17 +0000
> Bob Beck <[email protected]> wrote:
> > There will be some libtls api additions post 6.1 to get the peer
> > cert in PEM format
>
> Thanks Bob. That sounds like exactly what's needed. Happy to wait.

...and your tls_peer_cert_chain_pem() solves things nicely. Many thanks for that. Here's a little diff to document it. Index: lib/libtls/man/tls_conn_version.3 =================================================================== RCS file: /cvs/src/lib/libtls/man/tls_conn_version.3,v retrieving revision 1.4 diff -u -p -r1.4 tls_conn_version.3 --- lib/libtls/man/tls_conn_version.3 28 Jan 2017 00:59:36 -0000 1.4 +++ lib/libtls/man/tls_conn_version.3 27 May 2017 06:55:41 -0000 @@ -24,6 +24,7 @@ .Nm tls_conn_alpn_selected , .Nm tls_conn_servername , .Nm tls_peer_cert_provided , +.Nm tls_peer_cert_chain_pem , .Nm tls_peer_cert_contains_name , .Nm tls_peer_cert_issuer , .Nm tls_peer_cert_subject , @@ -43,6 +44,11 @@ .Fn tls_conn_servername "struct tls *ctx" .Ft int .Fn tls_peer_cert_provided "struct tls *ctx" +.Ft const uint8_t * +.Fo tls_peer_cert_chain_pem +.Fa "struct tls *ctx" +.Fa "size_t *size" +.Fc .Ft int .Fo tls_peer_cert_contains_name .Fa "struct tls *ctx" @@ -89,6 +95,14 @@ checks if the peer of .Ar ctx has provided a certificate. .Pp +.Fn tls_peer_cert_chain_pem +returns a string consisting of the PEM encoded certificate chain of the peer +from +.Ar ctx . +The value of +.Ar size +is set to the length of the string. +.Pp .Fn tls_peer_cert_contains_name checks if the peer of a TLS .Ar ctx @@ -172,6 +186,10 @@ and .Fn tls_conn_alpn_selected appeared in .Ox 6.1 . +.Pp +.Fn tls_peer_cert_chain_pem +appeared in +.Ox 6.2 . .Sh AUTHORS .An Bob Beck Aq Mt [email protected] .An Joel Sing Aq Mt [email protected]
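
Review bot: the prototype added in the second hunk returns "const uint8_t *" with a separate "size_t *size", but the description added later calls the result "a string" without saying whether the buffer is NUL-terminated. Suggest stating that callers must rely on the length stored in size rather than strlen(3), or stating explicitly that the buffer is terminated. The text should also say who owns the returned memory and how long the pointer stays valid, since the const return type alone does not tell the caller whether to free it.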
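
Review bot: the paragraph added in the third hunk ("returns a string consisting of the PEM encoded certificate chain of the peer") does not say what is returned when the peer has not provided a certificate, the case the neighbouring tls_peer_cert_provided entry checks for, or what size is set to in that case. Suggest adding a sentence on the failure return so callers know to test the result before using it. None of the four hunks touches a RETURN VALUES section, so if the page has one it needs a matching entry. As a style point, "PEM encoded" reads better hyphenated as "PEM-encoded".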
