SSL_get_certificate(3) | OpenSSL | SSL_get_certificate(3) |
#include <openssl/ssl.h> X509 *SSL_get_certificate(const SSL *s); EVP_PKEY *SSL_get_privatekey(const SSL *s);
Multiple certificates can be configured; for example, a server might have both RSA and ECDSA certificates. The certificate which is returned by SSL_get_certificate() is determined as follows:
Certificate selection occurs during the handshake; therefore, the value returned by SSL_get_certificate() during any callback made during the handshake process will depend on whether that callback is made before or after certificate selection occurs.
A specific use for SSL_get_certificate() is inside a callback set via a call to SSL_CTX_set_tlsext_status_cb(3). This callback occurs after certificate selection, where it can be used to examine a server's chosen certificate, for example for the purpose of identifying a certificate's OCSP responder URL so that an OCSP response can be obtained.
SSL_get_privatekey() returns a pointer to the EVP_PKEY object corresponding to the certificate returned by SSL_get_certificate(), if any.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
2023-05-07 | 3.0.12 |