X509Certificate SecureStreamSocketImpl::peerCertificate() const
	/// Returns the certificate reported by the underlying secure socket
	/// implementation for the peer.
	///
	/// Throws an SSLException if the implementation reports no certificate.
	///
	/// NOTE(review): this only reports that a certificate is present. Nothing
	/// in this function checks that the certificate was verified (chain,
	/// validity period, host name) -- confirm that verification is enforced
	/// elsewhere before using the result for an authorization decision.
{
	// NOTE(review): the raw X509* is handed straight to X509Certificate;
	// presumably the wrapper takes over the reference -- confirm against
	// the X509Certificate(X509*) constructor.
	X509* const pPeerCert = _impl.peerCertificate();
	if (!pPeerCert)
		throw SSLException("No certificate available");

	return X509Certificate(pPeerCert);
}
Пример #2
/// @brief Returns the peer's certificate chain as a vector of X509Certificate.
///
/// Holds state_mutex_ for the whole call.
///
/// @return One X509Certificate per entry of the stack returned by
///         tv_ssl_get_peer_certificate_chain, in stack order.
/// @throws std::runtime_error if the socket is neither CONNECTED nor
///         CONNECTING, or if no chain is available.
///
/// NOTE(review): CONNECTING is accepted here; if the handshake can still be
/// in progress in that state, the chain may be absent or not yet verified --
/// confirm against the state machine.
/// NOTE(review): if the wrapper maps to OpenSSL's SSL_get_peer_cert_chain,
/// the result is the chain as sent by the peer (not the verified chain, see
/// SSL_get0_verified_chain) and on the server side it does not include the
/// peer's own certificate -- confirm before relying on it for trust decisions.
std::vector<X509Certificate> SSLSocketImpl::GetPeerCertificateChain() {
  lock_guard<mutex> state_lock(state_mutex_);

  const bool has_session =
      state_ == Socket::CONNECTED || state_ == Socket::CONNECTING;
  if (!has_session) {
    throw std::runtime_error("peer certificate does not exist");
  }

  // Per the original author's note, the returned stack and its X509 entries
  // belong to the TLS session and are released when the connection closes.
  STACK_OF(X509*) peer_chain =
      tv_ssl_get_peer_certificate_chain(reinterpret_cast<tv_ssl_t*>(stream_));
  if (!peer_chain) {
    throw std::runtime_error("peer certificate does not exist");
  }

  // Entries are read with sk_X509_value rather than sk_X509_pop so the
  // session's stack is left intact, and they must NOT be X509_free'd here.
  // NOTE(review): each borrowed X509* is wrapped in an X509Certificate that
  // outlives this call; whether the wrapper takes its own reference is not
  // visible here -- confirm, otherwise this risks a dangling pointer or a
  // double free once the session releases the chain.
  std::vector<X509Certificate> chain_out;
  const int entry_count = sk_X509_num(peer_chain);
  for (int idx = 0; idx < entry_count; ++idx) {
    X509* const entry = sk_X509_value(peer_chain, idx);
    chain_out.push_back(X509Certificate(entry));
  }
  return chain_out;
}