1SSL_GET_PEER_CERT_CHAIN(3) OpenSSL SSL_GET_PEER_CERT_CHAIN(3)
2
3
4
6 SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509
7 certificate chain of the peer
8
10 #include <openssl/ssl.h>
11
12 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
13 STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
14
16 SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509)
17 certificates forming the certificate chain sent by the peer. If called
18 on the client side, the stack also contains the peer's certificate; if
19 called on the server side, the peer's certificate must be obtained
20 separately using SSL_get_peer_certificate(3). If the peer did not
21 present a certificate, NULL is returned.
22
23 NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the
24 peer: it only consists of certificates the peer has sent (in the order
25 the peer has sent them) it is not a verified chain.
26
27 SSL_get0_verified_chain() returns the verified certificate chain of the
28 peer including the peer's end entity certificate. It must be called
29 after a session has been successfully established. If peer verification
30 was not successful (as indicated by SSL_get_verify_result() not
31 returning X509_V_OK) the chain may be incomplete or invalid.
32
34 If the session is resumed peers do not send certificates so a NULL
35 pointer is returned by these functions. Applications can call
36 SSL_session_reused() to determine whether a session is resumed.
37
38 The reference count of each certificate in the returned STACK_OF(X509)
39 object is not incremented and the returned stack may be invalidated by
40 renegotiation. If applications wish to use any certificates in the
41 returned chain indefinitely they must increase the reference counts
42 using X509_up_ref() or obtain a copy of the whole chain with
43 X509_chain_up_ref().
44
46 The following return values can occur:
47
48 NULL
49 No certificate was presented by the peer or no connection was
50 established or the certificate chain is no longer available when a
51 session is reused.
52
53 Pointer to a STACK_OF(X509)
54 The return value points to the certificate chain presented by the
55 peer.
56
58 ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3),
59 X509_chain_up_ref(3)
60
62 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
63
64 Licensed under the OpenSSL license (the "License"). You may not use
65 this file except in compliance with the License. You can obtain a copy
66 in the file LICENSE in the source distribution or at
67 <https://www.openssl.org/source/license.html>.
68
69
70
711.1.1q 2023-02-06 SSL_GET_PEER_CERT_CHAIN(3)