Get common name and subject alternative names of peer certificate (#1617)

Co-authored-by: Christian Fischbach <cfischbach@mac.com>

3 files changed, 29 insertions, 6 deletions

diff --git a/docs/man/nng_tls.7.adoc b/docs/man/nng_tls.7.adoc
index 24fbc5f9..017af4fc 100644
--- a/docs/man/nng_tls.7.adoc
+++ b/docs/man/nng_tls.7.adoc
@@ -127,6 +127,8 @@ Note that setting these must be done before the transport is started.
 * xref:nng_tls_options.5.adoc#NNG_OPT_TLS_CERT_KEY_FILE[`NNG_OPT_TLS_CERT_KEY_FILE`]
 * xref:nng_tls_options.5.adoc#NNG_OPT_TLS_CONFIG[`NNG_OPT_TLS_CONFIG`]
 * xref:nng_tls_options.5.adoc#NNG_OPT_TLS_VERIFIED[`NNG_OPT_TLS_VERIFIED_`]
+* xref:nng_tls_options.5.adoc#NNG_OPT_TLS_PEER_CN[`NNG_OPT_TLS_PEER_CN`]
+* xref:nng_tls_options.5.adoc#NNG_OPT_TLS_PEER_ALT_NAMES[`NNG_OPT_TLS_PEER_ALT_NAMES`]
 * xref:nng_options.5.adoc#NNG_OPT_URL[`NNG_OPT_URL`]
 
 == SEE ALSO
diff --git a/docs/man/nng_tls_options.5.adoc b/docs/man/nng_tls_options.5.adoc
index e2db237f..a06a600f 100644
--- a/docs/man/nng_tls_options.5.adoc
+++ b/docs/man/nng_tls_options.5.adoc
@@ -20,12 +20,14 @@ nng_tls_options - TLS-specific options
 ----
 #include <nng/nng.h>
 
-#define NNG_OPT_TLS_AUTH_MODE     "tls-authmode"
-#define NNG_OPT_TLS_CA_FILE       "tls-ca-file"
-#define NNG_OPT_TLS_CERT_KEY_FILE "tls-cert-key-file"
-#define NNG_OPT_TLS_CONFIG        "tls-config"
-#define NNG_OPT_TLS_SERVER_NAME   "tls-server-name"
-#define NNG_OPT_TLS_VERIFIED      "tls-verified"
+#define NNG_OPT_TLS_AUTH_MODE      "tls-authmode"
+#define NNG_OPT_TLS_CA_FILE        "tls-ca-file"
+#define NNG_OPT_TLS_CERT_KEY_FILE  "tls-cert-key-file"
+#define NNG_OPT_TLS_CONFIG         "tls-config"
+#define NNG_OPT_TLS_SERVER_NAME    "tls-server-name"
+#define NNG_OPT_TLS_VERIFIED       "tls-verified"
+#define NNG_OPT_TLS_PEER_CN        "tls-peer-cn"
+#define NNG_OPT_TLS_PEER_ALT_NAMES "tls-peer-alt-names"
 ----
 
 == DESCRIPTION
@@ -91,6 +93,16 @@ This read-only option indicates whether the remote peer has been properly verifi
 authentication.
 May return incorrect results if peer authentication is disabled.
 
+[[NNG_OPT_TLS_PEER_CN]]((`NNG_OPT_TLS_PEER_CN`))::
+(string)
+This read-only option returns the common name of the peer certificate.
+May return incorrect results if peer authentication is disabled.
+
+[[NNG_OPT_TLS_PEER_ALT_NAMES]]((`NNG_OPT_TLS_PEER_ALT_NAMES`))::
+(string)
+This read-only option returns string list with the subject alternative names of the
+peer certificate. May return incorrect results if peer authentication is disabled.
+
 === Inherited Options
 
 Generally, the following option values are also available for TLS objects,
diff --git a/docs/man/nng_ws.7.adoc b/docs/man/nng_ws.7.adoc
index 349955b1..171ec934 100644
--- a/docs/man/nng_ws.7.adoc
+++ b/docs/man/nng_ws.7.adoc
@@ -199,6 +199,15 @@ more details.
 authentication.
 May return incorrect results if peer authentication is disabled.
 
+`NNG_OPT_TLS_PEER_CN`::
+(string) This read-only option returns the common name of the peer certificate.
+May return incorrect results if peer authentication is disabled.
+
+`NNG_OPT_TLS_PEER_ALT_NAMES`::
+(string list) returns string list with the subject alternative names of the
+peer certificate. May return incorrect results if peer authentication
+is disabled.
+
 // We should also look at a hook mechanism for listeners. Probably this could
 // look like NNG_OPT_WS_LISTEN_HOOK_FUNC which would take a function pointer
 // along the lines of int hook(void *, char *req_headers, char **res_headers),