#include <cat/cat.h>
/*
 * Retrieve the peer's certificate chain from a session.
 *
 * sess     - session from which the certificate chain is retrieved.
 * certlist - caller-supplied array of cat_data; the data and len fields of
 *            at most ncerts elements are filled in. Element 0 is the peer's
 *            certificate, the remaining elements are the CA chain.
 * ncerts   - maximum number of certificates to retrieve.
 *
 * The data pointers refer to data associated with the session: they must not
 * be modified, and they stop being valid when the session is closed or a new
 * certificate chain is installed.
 *
 * NOTE(review): the return value is not described here. The usage example
 * treats a value < 1 as "no certificates" and a value greater than ncerts as
 * a truncated chain; confirm against the library.
 */
int catcert_getpeercert(cat_session *sess, cat_data *certlist, int ncerts);
The function fills in the data
and len
fields of the supplied array of certificates. The first certificate in the
list will be that of the peer, the remaining certificates comprise the CA
chain. A maximum of
ncerts elements will be filled in.
sess is the session from which the certificate chain is retrieved.
certlist is a pointer to an array of cat_data
structures. The array must have room for at least ncerts elements.
ncerts is the maximum number of certificates to be retrieved.
The data fields will point to data associated with the session. This data must not be modified, and the pointers become invalid when the session is closed or a new certificate chain is installed; copy any certificate data that is needed beyond that point.
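/*
 * Example: print the subject name of each certificate in the peer's chain.
 *
 * chain[] only borrows data from the session (see the lifetime note for
 * catcert_getpeercert), so it is used here before the session is closed.
 * This fragment only displays the chain. Printing a subject name is not a
 * trust decision, and chain verification is not covered by this example.
 */
int i, ncerts;
char *subject;
cat_cert *tmpcert;
cat_data chain[10];
/* Capacity is derived from the array so the call and the clamp cannot drift apart. */
const int maxcerts = (int)(sizeof chain / sizeof chain[0]);

if ((ncerts = catcert_getpeercert(sess, chain, maxcerts)) < 1) {
    printf("No certificates available\n");
} else {
    /* The count must be passed explicitly: a %d with no argument is undefined behaviour. */
    printf("%d certificates in chain", ncerts);
    if (ncerts > maxcerts) {
        /* Only maxcerts entries of chain[] were filled in; never index past them. */
        printf(" (chain truncated)\n");
        ncerts = maxcerts;
    } else {
        printf("\n");
    }

    for (i = 0; i < ncerts; i++) {
        if (catcert_parse(&chain[i], &tmpcert) < 0) {
            printf("unable to parse certificate\n");
            continue;
        }

        if (catcert_subjectname(tmpcert, &subject) < 0) {
            printf("unable to get subject name\n");
        } else {
            /*
             * The subject is UTF-8 taken from the peer's certificate, so it is
             * peer-controlled text: keep it as a "%s" argument (never as the
             * format string) and escape control characters before writing it
             * to a terminal or log in production code.
             */
            printf("subject: <%s>\n", subject);
            free(subject);
        }

        catcert_free(tmpcert);
    }
}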