$NetBSD: SSL_get_certificate.3,v 1.5 2024/09/08 13:08:34 christos Exp $

-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)

Standard preamble:
========================================================================
..

..

.. \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================

Title "SSL_get_certificate 3" For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and private key Header "SYNOPSIS" .Vb 1 #include <openssl/ssl.h> \& X509 *SSL_get_certificate(const SSL *s); EVP_PKEY *SSL_get_privatekey(const SSL *s); .Ve Header "DESCRIPTION" \fBSSL_get_certificate() returns a pointer to an X509 object representing a certificate used as the local peer's identity.

Multiple certificates can be configured; for example, a server might have both RSA and ECDSA certificates. The certificate which is returned by \fBSSL_get_certificate() is determined as follows:

If it is called before certificate selection has occurred, it returns the most recently added certificate, or NULL if no certificate has been added. After certificate selection has occurred, it returns the certificate which was selected during the handshake, or NULL if no certificate was selected (for example, on a client where no client certificate is in use).

Certificate selection occurs during the handshake; therefore, the value returned by SSL_get_certificate() during any callback made during the handshake process will depend on whether that callback is made before or after certificate selection occurs.

A specific use for SSL_get_certificate() is inside a callback set via a call to \fBSSL_CTX_set_tlsext_status_cb\|(3). This callback occurs after certificate selection, where it can be used to examine a server's chosen certificate, for example for the purpose of identifying a certificate's OCSP responder URL so that an OCSP response can be obtained.

\fBSSL_get_privatekey() returns a pointer to the EVP_PKEY object corresponding to the certificate returned by SSL_get_certificate(), if any.

Header "RETURN VALUES" These functions return pointers to their respective objects, or NULL if no such object is available. Returned objects are owned by the SSL object and should not be freed by users of these functions. Header "SEE ALSO" \fBssl\|(7), SSL_CTX_set_tlsext_status_cb\|(3) Header "COPYRIGHT" Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.