Add peer_cert_chain

2017-07-29 10:34:10 -07:00 · 2017-07-29 10:34:10 -07:00 · c2164a4864
parent a132834132
commit c2164a4864
2 changed files with 16 additions and 0 deletions
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -2240,6 +2240,7 @@ extern "C" {
    #[cfg(libressl)]
    pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void;
    pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
+    pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
    pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
    pub fn SSL_get_version(ssl: *const SSL) -> *const c_char;
    pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -1257,6 +1257,21 @@ impl SslRef {
        }
    }

+    /// Returns the certificate chain of the peer, if present.
+    ///
+    /// On the client side, the chain includes the leaf certificate, but on the server side it does
+    /// not. Fun!
+    pub fn peer_cert_chain(&self) -> Option<&StackRef<X509>> {
+        unsafe {
+            let ptr = ffi::SSL_get_peer_cert_chain(self.as_ptr());
+            if ptr.is_null() {
+                None
+            } else {
+                Some(StackRef::from_ptr(ptr))
+            }
+        }
+    }
+
    /// Returns the certificate associated with this `Ssl`, if present.
    pub fn certificate(&self) -> Option<&X509Ref> {
        unsafe {