=pod

=head1 NAME

SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
private key

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 X509 *SSL_get_certificate(const SSL *s);
 EVP_PKEY *SSL_get_privatekey(const SSL *s);

=head1 DESCRIPTION

SSL_get_certificate() returns a pointer to an B<X509> object representing a
certificate used as the local peer's identity.

Multiple certificates can be configured; for example, a server might have both
RSA and ECDSA certificates. The certificate which is returned by
SSL_get_certificate() is determined as follows:

=over 4

=item

If it is called before certificate selection has occurred, it returns the most
recently added certificate, or NULL if no certificate has been added.

=item

After certificate selection has occurred, it returns the certificate which was
selected during the handshake, or NULL if no certificate was selected (for
example, on a client where no client certificate is in use).

=back

Certificate selection occurs during the handshake; therefore, the value returned
by SSL_get_certificate() during any callback made during the handshake process
will depend on whether that callback is made before or after certificate
selection occurs.

A specific use for SSL_get_certificate() is inside a callback set via a call to
L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
selection, where it can be used to examine a server's chosen certificate, for
example for the purpose of identifying a certificate's OCSP responder URL so
that an OCSP response can be obtained.

SSL_get_privatekey() returns a pointer to the B<EVP_PKEY> object corresponding
to the certificate returned by SSL_get_certificate(), if any.

=head1 RETURN VALUES

These functions return pointers to their respective objects, or NULL if no such
object is available. Returned objects are owned by the SSL object and should not
be freed by users of these functions.

=head1 SEE ALSO

L<ssl(7)>, L<SSL_CTX_set_tlsext_status_cb(3)>

=head1 COPYRIGHT

Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut