ircd::openssl: Add getters for X509 from SSL_CTX.

2024-12-26 07:23:53 +01:00 · 2019-09-30 13:11:52 -07:00 · 2019-09-30 13:11:52 -07:00 · d45b18f3e8
commit d45b18f3e8
parent 43a86a428c
2 changed files with 36 additions and 1 deletions
--- a/include/ircd/openssl.h
+++ b/include/ircd/openssl.h
@ -112,6 +112,8 @@ namespace ircd::openssl
 	std::string stringify(const X509 &);
 	const X509 &peer_cert(const SSL &);
 	X509 &peer_cert(SSL &);
+	const X509 &cert(const SSL_CTX &);
+	X509 &cert(SSL_CTX &);

 	int get_error(const X509_STORE_CTX &);
 	const char *cert_error_string(const long &);
@ -123,7 +125,6 @@ namespace ircd::openssl
 	// Cipher suite
 	string_view name(const SSL_CIPHER &);
 	const SSL_CIPHER *current_cipher(const SSL &);
-
 	string_view shared_ciphers(const mutable_buffer &buf, const SSL &);
 	string_view cipher_list(const SSL &, const int &priority);
 	std::string cipher_list(const SSL_CTX &, const int &priority = 0);
--- a/ircd/openssl.cc
+++ b/ircd/openssl.cc
@ -287,6 +287,40 @@ ircd::openssl::get_error(const X509_STORE_CTX &cx)
 	return X509_STORE_CTX_get_error(&mcx);
 }

+X509 &
+ircd::openssl::cert(SSL_CTX &ssl)
+{
+	auto *const ret
+	{
+		SSL_CTX_get0_certificate(&ssl)
+	};
+
+	if(unlikely(!ret))
+		throw error
+		{
+			"No X509 certificate for SSL context."
+		};
+
+	return *ret;
+}
+
+const X509 &
+ircd::openssl::cert(const SSL_CTX &ssl)
+{
+	const auto *const ret
+	{
+		SSL_CTX_get0_certificate(&ssl)
+	};
+
+	if(unlikely(!ret))
+		throw error
+		{
+			"No X509 certificate for SSL context."
+		};
+
+	return *ret;
+}
+
 X509 &
 ircd::openssl::peer_cert(SSL &ssl)
 {