xref: /freebsd/crypto/openssl/doc/man3/SSL_get_certificate.pod (revision 1719886f6d08408b834d270c59ffcfd821c8f63a)
1=pod
2
3=head1 NAME
4
5SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
6private key
7
8=head1 SYNOPSIS
9
10 #include <openssl/ssl.h>
11
12 X509 *SSL_get_certificate(const SSL *s);
13 EVP_PKEY *SSL_get_privatekey(const SSL *s);
14
15=head1 DESCRIPTION
16
17SSL_get_certificate() returns a pointer to an B<X509> object representing a
18certificate used as the local peer's identity.
19
20Multiple certificates can be configured; for example, a server might have both
21RSA and ECDSA certificates. The certificate which is returned by
22SSL_get_certificate() is determined as follows:
23
24=over 4
25
26=item
27
28If it is called before certificate selection has occurred, it returns the most
29recently added certificate, or NULL if no certificate has been added.
30
31=item
32
33After certificate selection has occurred, it returns the certificate which was
34selected during the handshake, or NULL if no certificate was selected (for
35example, on a client where no client certificate is in use).
36
37=back
38
39Certificate selection occurs during the handshake; therefore, the value returned
40by SSL_get_certificate() during any callback made during the handshake process
41will depend on whether that callback is made before or after certificate
42selection occurs.
43
44A specific use for SSL_get_certificate() is inside a callback set via a call to
45L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
46selection, where it can be used to examine a server's chosen certificate, for
47example for the purpose of identifying a certificate's OCSP responder URL so
48that an OCSP response can be obtained.
49
50SSL_get_privatekey() returns a pointer to the B<EVP_PKEY> object corresponding
51to the certificate returned by SSL_get_certificate(), if any.
52
53=head1 RETURN VALUES
54
55These functions return pointers to their respective objects, or NULL if no such
56object is available. Returned objects are owned by the SSL object and should not
57be freed by users of these functions.
58
59=head1 SEE ALSO
60
61L<ssl(7)>, L<SSL_CTX_set_tlsext_status_cb(3)>
62
63=head1 COPYRIGHT
64
65Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
66
67Licensed under the Apache License 2.0 (the "License").  You may not use
68this file except in compliance with the License.  You can obtain a copy
69in the file LICENSE in the source distribution or at
70L<https://www.openssl.org/source/license.html>.
71
72=cut
73
74