NAME

catcert_getpeercert - get peer certificate chain

SYNOPSIS

#include <cat/cat.h>

int catcert_getpeercert(cat_session *sess, cat_data *certlist, int ncerts);

DESCRIPTION

This function retrieves the peer certificate chain. The certificates are returned as pointers directly into the private data of the session.

The function fills in the data and len fields of the supplied array of certificates. The first certificate in the list will be that of the peer, the remaining certificates comprise the CA chain. A maximum of ncerts elements will be filled in.

sess is the session from which the certificate chain is retrieved.

certlist is a pointer to an array of cat_data structures. It must have room for at least ncerts elements.

ncerts is the maximum number of certificates to be retrieved.

The data fields will point to data associated with the session. This data must not be changed, and it will go out of scope if the session is closed or a new certificate chain is installed.

RETURN VALUES

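The function returns the total number of certificates in the chain, or an error code if none are installed. The return value can exceed ncerts, in which case only the first ncerts elements of certlist have been filled in.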

EXAMPLE

The following piece of code can be used to retrieve a maximum of 10 certificates in a chain, and print their subject names:

  int i, ncerts;
  char *subject;
  cat_cert *tmpcert;
  cat_data chain[10];

  if ((ncerts = catcert_getpeercert(sess, chain, 10)) < 1) {
      printf("No certificates available\n");
  } else {
      printf("%d certificates in chain", ncerts);
      if (ncerts > 10) {
          printf(" (chain truncated)\n");
          ncerts = 10;
      } else {
          printf("\n");
      }
      for (i = 0; i < ncerts; i++) {
          if (catcert_parse(&chain[i], &tmpcert) < 0) {
              printf("unable to parse certificate\n");
              continue;
          }
          if (catcert_subjectname(tmpcert, &subject) < 0) {
              printf("unable to get subject name\n");
          } else {
              printf("subject: <%s>\n", subject); /* Actually UTF-8 */
              free(subject);
          }
          catcert_free(tmpcert);
      }
  }
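Because the data fields point into the session (see DESCRIPTION), a caller that needs the chain after the session is closed has to copy it first. The helper below is an added example, not part of the cat library: struct chain_blob is a stand-in for cat_data with assumed field types, and chain_copy and chain_free are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for cat_data. The page documents only the data and len fields;
 * the field types used here are assumptions. */
struct chain_blob {
    unsigned char *data;
    size_t len;
};

/* Release a chain produced by chain_copy(). */
void chain_free(struct chain_blob *own, int n)
{
    int i;
    if (own == NULL)
        return;
    for (i = 0; i < n; i++)
        free(own[i].data);
    free(own);
}

/* Deep-copy the borrowed entries so they outlive the session.
 * total: value returned by catcert_getpeercert() (may exceed cap)
 * cap:   size of the array that was passed as certlist
 * Returns the number of entries copied, or -1 on error. */
int chain_copy(const struct chain_blob *borrowed, int total, int cap,
               struct chain_blob **out)
{
    int i, n;
    struct chain_blob *own;
    *out = NULL;
    if (borrowed == NULL || total < 1 || cap < 1)
        return -1;
    n = total > cap ? cap : total;  /* only the first cap entries are valid */
    own = calloc((size_t)n, sizeof *own);
    if (own == NULL)
        return -1;
    for (i = 0; i < n; i++) {
        if (borrowed[i].data == NULL || borrowed[i].len == 0 ||
            (own[i].data = malloc(borrowed[i].len)) == NULL) {
            chain_free(own, i);
            return -1;
        }
        memcpy(own[i].data, borrowed[i].data, borrowed[i].len);
        own[i].len = borrowed[i].len;
    }
    *out = own;
    return n;
}
```

Call chain_copy before closing the session or installing a new certificate chain, and release the result with chain_free.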

SEE ALSO

cat, catcert