Is there a way to retrieve the certificate from SSL_CTX?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Is there a way to retrieve the certificate from SSL_CTX?

Paul Smith
I'm trying to write a simple function to dump the expiration date of the certificates in my SSL_CTX cert store.

I've managed to retrieve and show the CA certificates from the certificate store, and the certificate chain, but I can't find a method that retrieves the certificate itself from SSL_CTX. Is this something that is retrievable?

E.g., I'm adding my certificate with SSL_CTX_use_certificate(); is there a way to get it back out?
Reply | Threaded
Open this post in threaded view
|

Re: Is there a way to retrieve the certificate from SSL_CTX?

Wim Lewis-3
On 5. mar. 2019, at 10:14 f.h., Paul Smith <[hidden email]> wrote:
> E.g., I'm adding my certificate with SSL_CTX_use_certificate(); is there a way to get it back out?

Does SSL_CTX_get0_certificate() do what you need?

(The "get0" (vs "get") indicates its reference-counting semantics.)


Reply | Threaded
Open this post in threaded view
|

Re: Is there a way to retrieve the certificate from SSL_CTX?

Paul Smith
On Tue, 2019-03-05 at 11:28 -0800, Wim Lewis wrote:
> On 5. mar. 2019, at 10:14 f.h., Paul Smith <[hidden email]>
> wrote:
> > E.g., I'm adding my certificate with SSL_CTX_use_certificate(); is
> > there a way to get it back out?
>
> Does SSL_CTX_get0_certificate() do what you need?

AHA!  That seems to do the trick.  If only it were discussed in a man
page [0], I might have found it... :)

Thanks Wim!


[0] After you pointed me to it I did find it listed in the ssl(7) man
    page, but no info on it.