| author | Christian Fischbach <me@cfish.de> | 2023-02-09 00:48:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-08 19:48:17 -0400 |
| commit | 8e1836f57e8bcdb228dd5baadc71dfbf30b544e0 (patch) | |
| tree | 39ac5b8be89ee83dec8096cd775d122585cb5f31 /include | |
| parent | 481436f374732f04cc328ecb9d07bc9d9d324043 (diff) | |
Get common name and subject alternative names of peer certificate (#1617)
Co-authored-by: Christian Fischbach <cfischbach@mac.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/nng/nng.h | 13 | ||||
| -rw-r--r-- | include/nng/supplemental/tls/engine.h | 8 |
2 files changed, 21 insertions, 0 deletions
diff --git a/include/nng/nng.h b/include/nng/nng.h
index 811cb456..5bb320b6 100644
--- a/include/nng/nng.h
+++ b/include/nng/nng.h
@@ -755,6 +755,19 @@ NNG_DECL nng_listener nng_pipe_listener(nng_pipe);
 // peer authentication is disabled with `NNG_TLS_AUTH_MODE_NONE`.
 #define NNG_OPT_TLS_VERIFIED "tls-verified"
 
+// NNG_OPT_TLS_PEER_CN returns the string with the common name
+// of the peer certificate. Typically this is read-only and
+// only available for pipes. This option may return incorrect results if
+// peer authentication is disabled with `NNG_TLS_AUTH_MODE_NONE`.
+#define NNG_OPT_TLS_PEER_CN "tls-peer-cn"
+
+// NNG_OPT_TLS_PEER_ALT_NAMES returns string list with the
+// subject alternative names of the peer certificate. Typically this is
+// read-only and only available for pipes. This option may return
+// incorrect results if peer authentication is disabled with
+// `NNG_TLS_AUTH_MODE_NONE`.
+#define NNG_OPT_TLS_PEER_ALT_NAMES "tls-peer-alt-names"
+
 // TCP options. These may be supported on various transports that use
 // TCP underneath such as TLS, or not.
 
diff --git a/include/nng/supplemental/tls/engine.h b/include/nng/supplemental/tls/engine.h
index 81385fbc..309d83c5 100644
--- a/include/nng/supplemental/tls/engine.h
+++ b/include/nng/supplemental/tls/engine.h
@@ -80,6 +80,14 @@ typedef struct nng_tls_engine_conn_ops_s {
 // verified returns true if the connection is fully
 // TLS verified, false otherwise.
 bool (*verified)(nng_tls_engine_conn *);
+
+ // peer_cn returns the common name of the peer
+ // The return string needs to be freed.
+ char *(*peer_cn)(nng_tls_engine_conn *);
+
+ // peer_alt_names returns the subject alternative names.
+ // The return string list and its strings need to be freed.
+ char **(*peer_alt_names)(nng_tls_engine_conn *);
 } nng_tls_engine_conn_ops;
 
 typedef struct nng_tls_engine_config_ops_s { |
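Review bot: The comments on `NNG_OPT_TLS_PEER_CN` and `NNG_OPT_TLS_PEER_ALT_NAMES` say the value "may return incorrect results" when authentication is disabled, which understates the risk: in that mode the names come from a certificate nobody validated, so they are whatever the peer chose to present. The same presumably applies under an optional auth mode when the peer's chain fails to verify. I would add a line such as `// Only trust this value when NNG_OPT_TLS_VERIFIED is true.` to both comments, so callers do not use the names for authorization on their own. The comments also leave out which getter type returns each option and who frees the result, in particular for the "string list"; nothing in this hunk shows that.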
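Review bot: The comments on the new `peer_cn` and `peer_alt_names` members say the result must be freed but omit the rest of the contract an engine author needs. They should say what is returned when the peer sent no certificate or the name is absent, how the `char **` list is terminated, and which allocator the caller frees with. One added line per member would cover it, e.g. `// Returns NULL if unavailable; the list is NULL-terminated.` if that is the intended contract. Because X.509 names are length-delimited but are returned here as C strings, the comment should also require engines to reject or otherwise handle names with embedded NUL bytes, so a caller comparing the string is not misled by truncation. Growing the ops struct (whose definition begins outside the hunk) also changes the layout external engines are built against, and no engine version change appears in this file's 8 added lines, so confirm that callers tolerate an engine that does not provide these members.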
