1SSL_GET_PEER_CERT_CHAIN(3ossl)      OpenSSL     SSL_GET_PEER_CERT_CHAIN(3ossl)
2
3
4

NAME

6       SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509
7       certificate chain of the peer
8

SYNOPSIS

10        #include <openssl/ssl.h>
11
12        STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
13        STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
14

DESCRIPTION

16       SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509)
17       certificates forming the certificate chain sent by the peer. If called
18       on the client side, the stack also contains the peer's certificate; if
19       called on the server side, the peer's certificate must be obtained
20       separately using SSL_get_peer_certificate(3).  If the peer did not
21       present a certificate, NULL is returned.
22
23       NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the
24       peer: it only consists of certificates the peer has sent (in the order
25       the peer has sent them) it is not a verified chain.
26
27       SSL_get0_verified_chain() returns the verified certificate chain of the
28       peer including the peer's end entity certificate. It must be called
29       after a session has been successfully established. If peer verification
30       was not successful (as indicated by SSL_get_verify_result() not
31       returning X509_V_OK) the chain may be incomplete or invalid.
32

NOTES

34       If the session is resumed peers do not send certificates so a NULL
35       pointer is returned by these functions. Applications can call
36       SSL_session_reused() to determine whether a session is resumed.
37
38       The reference count of each certificate in the returned STACK_OF(X509)
39       object is not incremented and the returned stack may be invalidated by
40       renegotiation.  If applications wish to use any certificates in the
41       returned chain indefinitely they must increase the reference counts
42       using X509_up_ref() or obtain a copy of the whole chain with
43       X509_chain_up_ref().
44

RETURN VALUES

46       The following return values can occur:
47
48       NULL
49           No certificate was presented by the peer or no connection was
50           established or the certificate chain is no longer available when a
51           session is reused.
52
53       Pointer to a STACK_OF(X509)
54           The return value points to the certificate chain presented by the
55           peer.
56

SEE ALSO

58       ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3),
59       X509_chain_up_ref(3)
60

62       Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
63
64       Licensed under the Apache License 2.0 (the "License").  You may not use
65       this file except in compliance with the License.  You can obtain a copy
66       in the file LICENSE in the source distribution or at
67       <https://www.openssl.org/source/license.html>.
68
69
70
713.1.1                             2023-08-31    SSL_GET_PEER_CERT_CHAIN(3ossl)
Impressum