1SSL_GET_CERTIFICATE(3ossl)          OpenSSL         SSL_GET_CERTIFICATE(3ossl)
2
3
4

NAME

6       SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate
7       and private key
8

SYNOPSIS

10        #include <openssl/ssl.h>
11
12        X509 *SSL_get_certificate(const SSL *s);
13        EVP_PKEY *SSL_get_privatekey(const SSL *s);
14

DESCRIPTION

16       SSL_get_certificate() returns a pointer to an X509 object representing
17       a certificate used as the local peer's identity.
18
19       Multiple certificates can be configured; for example, a server might
20       have both RSA and ECDSA certificates. The certificate which is returned
21       by SSL_get_certificate() is determined as follows:
22
23       •   If it is called before certificate selection has occurred, it
24           returns the most recently added certificate, or NULL if no
25           certificate has been added.
26
27       •   After certificate selection has occurred, it returns the
28           certificate which was selected during the handshake, or NULL if no
29           certificate was selected (for example, on a client where no client
30           certificate is in use).
31
32       Certificate selection occurs during the handshake; therefore, the value
33       returned by SSL_get_certificate() during any callback made during the
34       handshake process will depend on whether that callback is made before
35       or after certificate selection occurs.
36
37       A specific use for SSL_get_certificate() is inside a callback set via a
38       call to SSL_CTX_set_tlsext_status_cb(3). This callback occurs after
39       certificate selection, where it can be used to examine a server's
40       chosen certificate, for example for the purpose of identifying a
41       certificate's OCSP responder URL so that an OCSP response can be
42       obtained.
43
44       SSL_get_privatekey() returns a pointer to the EVP_PKEY object
45       corresponding to the certificate returned by SSL_get_certificate(), if
46       any.
47

RETURN VALUES

49       These functions return pointers to their respective objects, or NULL if
50       no such object is available. Returned objects are owned by the SSL
51       object and should not be freed by users of these functions.
52

SEE ALSO

54       ssl(7), SSL_CTX_set_tlsext_status_cb(3)
55

57       Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
58
59       Licensed under the Apache License 2.0 (the "License").  You may not use
60       this file except in compliance with the License.  You can obtain a copy
61       in the file LICENSE in the source distribution or at
62       <https://www.openssl.org/source/license.html>.
63
64
65
663.0.5                             2022-07-05        SSL_GET_CERTIFICATE(3ossl)
Impressum