From bcb7b3f5dc58de1fa88a65f5b6ea0bda089c2aee Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 6 Nov 2016 10:46:38 -0800
Subject: [PATCH] Add accessors for cert and private key
Closes #340
---
 openssl-sys/src/lib.rs | 5 +++++
 openssl/src/ssl/mod.rs | 49 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 4ffd1f64..2c39f2ff 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1575,6 +1575,8 @@ extern {
 pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
 pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long;
 pub fn SSL_shutdown(ssl: *mut SSL) -> c_int;
+ pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
+ pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY;
 #[cfg(not(osslconf = "OPENSSL_NO_COMP"))]
 pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
@@ -1606,6 +1608,9 @@ extern {
 pub fn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int;
 pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int;
+ pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;
+ pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY;
+
 pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int;
 pub fn SSL_CTX_set_next_protos_advertised_cb(ssl: *mut SSL_CTX,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 9a477993..16bc386b 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
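Review bot: `SSL_CTX_get0_certificate` and `SSL_CTX_get0_privatekey` in the second hunk of openssl-sys/src/lib.rs are declared without any version gate, and as far as I know OpenSSL only introduced them in 1.0.2. If the crate still supports linking against 1.0.1 (not visible from this diff), the new `SslContextRef::certificate` and `private_key` wrappers in openssl/src/ssl/mod.rs call them unconditionally and would fail at link time there. Consider placing both the declarations and the wrappers behind the version cfg the crate uses for 1.0.2-only APIs, in the same way the `#[cfg(not(osslconf = "OPENSSL_NO_COMP"))]` attribute in the first hunk gates `SSL_COMP_get_name`. The `extern` block starts and ends outside both hunks.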
@@ -762,6 +762,31 @@ impl SslContext {
 }
 }
+impl SslContextRef {
+ /// Returns the certificate associated with this `SslContext`, if present.
+ pub fn certificate(&self) -> Option<&X509Ref> {
+ unsafe {
+ let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr());
+ if ptr.is_null() {
+ None
+ } else {
+ Some(X509Ref::from_ptr(ptr))
+ }
+ }
+ }
+
+ /// Returns the private key associated with this `SslContext`, if present.
+ pub fn private_key(&self) -> Option<&PKeyRef> {
+ unsafe {
+ let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
+ if ptr.is_null() {
+ None
+ } else {
+ Some(PKeyRef::from_ptr(ptr))
+ }
+ }
+ }
+}
 pub struct CipherBits {
 /// The number of secret bits used for the cipher.
@@ -955,6 +980,30 @@ impl SslRef {
 }
 }
+ /// Returns the certificate associated with this `Ssl`, if present.
+ pub fn certificate(&self) -> Option<&X509Ref> {
+ unsafe {
+ let ptr = ffi::SSL_get_certificate(self.as_ptr());
+ if ptr.is_null() {
+ None
+ } else {
+ Some(X509Ref::from_ptr(ptr))
+ }
+ }
+ }
+
+ /// Returns the private key associated with this `Ssl`, if present.
+ pub fn private_key(&self) -> Option<&PKeyRef> {
+ unsafe {
+ let ptr = ffi::SSL_get_privatekey(self.as_ptr());
+ if ptr.is_null() {
+ None
+ } else {
+ Some(PKeyRef::from_ptr(ptr))
+ }
+ }
+ }
+
 /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
 pub fn version(&self) -> &'static str {
 let version = unsafe {
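Review bot: The `unsafe` blocks in `SslContextRef::certificate` and `SslContextRef::private_key` have no comment stating why returning `&X509Ref` / `&PKeyRef` tied to `&self` is sound. The `get0` calls hand back pointers owned by the `SSL_CTX` without taking a reference, so the borrow is only valid if nothing reachable through a shared `&self` can replace or free the context's certificate or key; that cannot be confirmed from this hunk. After checking that it holds, I would add above each block `// SAFETY: get0 returns a pointer borrowed from the SSL_CTX; it lives as long as self, and replacing the cert/key requires exclusive access.` The same applies to the `SslRef` accessors in the next hunk, where `SSL_get_certificate` and `SSL_get_privatekey` are used the same way.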
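Review bot: The doc comment on `SslRef::certificate` does not say which certificate is returned when more than one is configured on the connection. As I understand OpenSSL's documentation for `SSL_get_certificate`, it is the most recently added certificate before certificate selection and the selected one afterwards, so a caller that inspects it before the handshake may not see the certificate that is actually presented to the peer. I would extend the comment with `/// With several certificates configured, this is the one OpenSSL currently has selected, which can change during the handshake.` and mirror that sentence on `SslRef::private_key`. The `impl SslRef` block begins and ends outside the hunk.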