1=pod 2 3=head1 NAME 4 5SSL_get_peer_certificate, 6SSL_get0_peer_certificate, 7SSL_get1_peer_certificate - get the X509 certificate of the peer 8 9=head1 SYNOPSIS 10 11 #include <openssl/ssl.h> 12 13 X509 *SSL_get0_peer_certificate(const SSL *ssl); 14 X509 *SSL_get1_peer_certificate(const SSL *ssl); 15 16The following function has been deprecated since OpenSSL 3.0, 17and can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable 18version value, see L<openssl_user_macros(7)>: 19 20 X509 *SSL_get_peer_certificate(const SSL *ssl); 21 22=head1 DESCRIPTION 23 24These functions return a pointer to the X509 certificate the 25peer presented. If the peer did not present a certificate, NULL is returned. 26 27=head1 NOTES 28 29Due to the protocol definition, a TLS/SSL server will always send a 30certificate, if present. A client will only send a certificate when 31explicitly requested to do so by the server (see 32L<SSL_CTX_set_verify(3)>). If an anonymous cipher 33is used, no certificates are sent. 34 35That a certificate is returned does not indicate information about the 36verification state, use L<SSL_get_verify_result(3)> 37to check the verification state. 38 39The reference count of the X509 object returned by SSL_get1_peer_certificate() 40is incremented by one, so that it will not be destroyed when the session 41containing the peer certificate is freed. The X509 object must be explicitly 42freed using X509_free(). 43 44The reference count of the X509 object returned by SSL_get0_peer_certificate() 45is not incremented, and must not be freed. 46 47SSL_get_peer_certificate() is an alias of SSL_get1_peer_certificate(). 48 49=head1 RETURN VALUES 50 51The following return values can occur: 52 53=over 4 54 55=item NULL 56 57No certificate was presented by the peer or no connection was established. 58 59=item Pointer to an X509 certificate 60 61The return value points to the certificate presented by the peer. 62 63=back 64 65=head1 SEE ALSO 66 67L<ssl(7)>, L<SSL_get_verify_result(3)>, 68L<SSL_CTX_set_verify(3)> 69 70=head1 HISTORY 71 72SSL_get0_peer_certificate() and SSL_get1_peer_certificate() were added in 3.0.0. 73SSL_get_peer_certificate() was deprecated in 3.0.0. 74 75=head1 COPYRIGHT 76 77Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 78 79Licensed under the Apache License 2.0 (the "License"). You may not use 80this file except in compliance with the License. You can obtain a copy 81in the file LICENSE in the source distribution or at 82L<https://www.openssl.org/source/license.html>. 83 84=cut 85