// Returns the certificate presented by the peer, wrapped in an
// X509Certificate.
//
// Throws SSLException("No certificate available") when the underlying
// implementation reports no peer certificate (null X509*).
//
// This accessor only checks that a certificate is present. It performs no
// chain, hostname or expiry validation, so a returned certificate must not
// by itself be treated as proof of an authenticated peer.
X509Certificate SecureStreamSocketImpl::peerCertificate() const
{
	X509* const pPeerCert = _impl.peerCertificate();

	// Guard clause: fail loudly rather than wrap a null handle.
	if (!pPeerCert)
		throw SSLException("No certificate available");

	// NOTE(review): presumably X509Certificate(X509*) takes over the
	// reference handed out by _impl.peerCertificate(); confirm against
	// the wrapper's constructor.
	return X509Certificate(pPeerCert);
}
// Returns the certificate chain sent by the peer as a vector of
// X509Certificate wrappers, in the order the TLS layer stores them.
//
// Throws std::runtime_error("peer certificate does not exist") when the
// socket is neither CONNECTED nor CONNECTING, or when the TLS layer has no
// chain for this stream.
//
// Holds state_mutex_ for the whole call.
//
// NOTE(review): nothing here validates the chain. Callers that make trust
// decisions should rely on the handshake's verification result, not on the
// mere presence of these certificates. If the wrapper follows
// SSL_get_peer_cert_chain semantics, a server-side call may also omit the
// peer's leaf certificate; confirm against tv_ssl_get_peer_certificate_chain.
std::vector<X509Certificate> SSLSocketImpl::GetPeerCertificateChain() {
  lock_guard<mutex> state_lock(state_mutex_);

  const bool session_available =
      state_ == Socket::CONNECTED || state_ == Socket::CONNECTING;
  if (!session_available) {
    throw std::runtime_error("peer certificate does not exist");
  }

  // The returned stack is borrowed: per the original author's note, the
  // X509 entries are released by the SSL layer when the connection closes.
  STACK_OF(X509*) peer_chain =
      tv_ssl_get_peer_certificate_chain(reinterpret_cast<tv_ssl_t*>(stream_));
  if (!peer_chain) {
    throw std::runtime_error("peer certificate does not exist");
  }

  // Entries are read by index, not popped (sk_X509_pop), so the stack stays
  // intact for later use by the SSL layer.
  std::vector<X509Certificate> chain;
  const int entry_count = sk_X509_num(peer_chain);
  for (int idx = 0; idx < entry_count; ++idx) {
    // Do NOT X509_free() the element here; it is still owned by the stack.
    // NOTE(review): this is only safe if X509Certificate(X509*) takes its own
    // reference (e.g. X509_up_ref) or never frees the pointer. Otherwise the
    // wrappers dangle after close or double-free. Confirm in the wrapper.
    chain.push_back(X509Certificate(sk_X509_value(peer_chain, idx)));
  }
  return chain;
}