*** UNIX MANUAL PAGE BROWSER ***

SSL_GET_PEER_CERT_CHAIN(3) FreeBSD Library Functions Manual NAME SSL_get_peer_cert_chain - get the X509 certificate chain sent by the peer SYNOPSIS #include <openssl/ssl.h> STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *ssl); DESCRIPTION SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates forming the certificate chain of the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using SSL_get_peer_certificate(3). If the peer did not present a certificate, NULL is returned. SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it only consists of certificates the peer has sent (in the order the peer has sent them) and it is not a verified chain. If the session is resumed, peers do not send certificates, so a NULL pointer is returned. Applications can call SSL_session_reused() to determine whether a session is resumed. The reference count of the STACK_OF(X509) object is not incremented. If the corresponding session is freed, the pointer must not be used any longer. RETURN VALUES The following return values can occur: NULL No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused. Pointer to a STACK_OF(X509) The return value points to the certificate chain presented by the peer. SEE ALSO ssl(3), SSL_get_peer_certificate(3) HISTORY SSL_get_peer_cert_chain() first appeared in SSLeay 0.8.0 and has been available since OpenBSD 2.4. FreeBSD 14.1-RELEASE-p8 March 27, 2018 FreeBSD 14.1-RELEASE-p8