xref: /freebsd/crypto/openssl/doc/man3/SSL_get_peer_certificate.pod (revision 725a9f47324d42037db93c27ceb40d4956872f3e)
=pod

=head1 NAME

SSL_get_peer_certificate,
SSL_get0_peer_certificate,
SSL_get1_peer_certificate - get the X509 certificate of the peer

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 X509 *SSL_get0_peer_certificate(const SSL *ssl);
 X509 *SSL_get1_peer_certificate(const SSL *ssl);

The following function has been deprecated since OpenSSL 3.0,
and can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable
version value, see L<openssl_user_macros(7)>:

 X509 *SSL_get_peer_certificate(const SSL *ssl);

=head1 DESCRIPTION

These functions return a pointer to the X509 certificate the
peer presented. If the peer did not present a certificate, NULL is returned.

=head1 NOTES

Due to the protocol definition, a TLS/SSL server will always send a
certificate, if present. A client will only send a certificate when
explicitly requested to do so by the server (see
L<SSL_CTX_set_verify(3)>). If an anonymous cipher
is used, no certificates are sent.

The fact that a certificate is returned says nothing about the
verification state; use L<SSL_get_verify_result(3)>
to check the verification state.

The reference count of the X509 object returned by SSL_get1_peer_certificate()
is incremented by one, so that it will not be destroyed when the session
containing the peer certificate is freed. The X509 object must be explicitly
freed using X509_free().

The reference count of the X509 object returned by SSL_get0_peer_certificate()
is not incremented, and the object must not be freed.

SSL_get_peer_certificate() is an alias of SSL_get1_peer_certificate().

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

No certificate was presented by the peer or no connection was established.

=item Pointer to an X509 certificate

The return value points to the certificate presented by the peer.

=back

=head1 SEE ALSO

L<ssl(7)>, L<SSL_get_verify_result(3)>,
L<SSL_CTX_set_verify(3)>

=head1 HISTORY

SSL_get0_peer_certificate() and SSL_get1_peer_certificate() were added in 3.0.0.
SSL_get_peer_certificate() was deprecated in 3.0.0.

=head1 COPYRIGHT

Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
