authorGarrett D'Amore <garrett@damore.org>2025-10-05 16:51:15 -0700
committerGarrett D'Amore <garrett@damore.org>2025-10-05 20:56:39 -0700
commit06d6d80f8c92ef1d3bd7c00c919e10a411183cb3 (patch)
treeedf8d4cff9b2f595ccd9e3cb4db3cf31eb13bc02 /src/supplemental/http
parentd1bd64c8251171ac8e1d4e71ab8726c2a64fd55a (diff)
fixes #2173 New TLS cert API - replaces the properties for CN and ALTNAMES.
This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN properties, and gives a bit more access to the certificate, as well as direct access to the raw DER form, which should allow use in other APIs.
Diffstat (limited to 'src/supplemental/http')
-rw-r--r--src/supplemental/http/http_api.h1
-rw-r--r--src/supplemental/http/http_conn.c14
-rw-r--r--src/supplemental/http/http_public.c12
3 files changed, 27 insertions, 0 deletions
diff --git a/src/supplemental/http/http_api.h b/src/supplemental/http/http_api.h
index a8f648dc..b1a8ec84 100644
--- a/src/supplemental/http/http_api.h
+++ b/src/supplemental/http/http_api.h
@@ -99,6 +99,7 @@ extern void nni_http_conn_close(nng_http *);
extern void nni_http_conn_fini(nni_http_conn *);
extern int nni_http_conn_getopt(
nng_http *, const char *, void *, size_t *, nni_type);
+extern nng_err nni_http_conn_peer_cert(nng_http *, nng_tls_cert **);
// Reading messages -- the caller must supply a preinitialized (but otherwise
// idle) message. We recommend the caller store this in the aio's user data.
diff --git a/src/supplemental/http/http_conn.c b/src/supplemental/http/http_conn.c
index 21087474..93068512 100644
--- a/src/supplemental/http/http_conn.c
+++ b/src/supplemental/http/http_conn.c
@@ -1482,6 +1482,20 @@ nni_http_conn_getopt(
return (rv);
}
+nng_err
+nni_http_conn_peer_cert(nni_http_conn *conn, nng_tls_cert **certp)
+{
+ int rv;
+ nni_mtx_lock(&conn->mtx);
+ if (conn->closed) {
+ rv = NNG_ECLOSED;
+ } else {
+ rv = nng_stream_peer_cert(conn->sock, certp);
+ }
+ nni_mtx_unlock(&conn->mtx);
+ return (rv);
+}
+
void
nni_http_conn_fini(nni_http_conn *conn)
{
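Review bot: `rv` is declared `int` in the new `nni_http_conn_peer_cert`, but it holds `NNG_ECLOSED` and the result of `nng_stream_peer_cert` and is returned as `nng_err`; declaring it `nng_err rv;` keeps the error type consistent and avoids an implicit conversion at the `return`. Separately, the closed branch leaves `*certp` untouched, so a caller that ignores the return value would read whatever the pointer held before. Either add `*certp = NULL;` ahead of the lock or say in a comment that the output is valid only on success. Whether `nng_stream_peer_cert` clears the output on failure is not visible in this hunk.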
diff --git a/src/supplemental/http/http_public.c b/src/supplemental/http/http_public.c
index 9c8ded2d..5c7d8a77 100644
--- a/src/supplemental/http/http_public.c
+++ b/src/supplemental/http/http_public.c
@@ -651,3 +651,15 @@ nng_http_reset(nng_http *conn)
NNI_ARG_UNUSED(conn);
#endif
}
+
+nng_err
+nng_http_peer_cert(nng_http *conn, nng_tls_cert **certp)
+{
+#ifdef NNG_SUPP_HTTP
+ return (nni_http_conn_peer_cert(conn, certp));
+#else
+ NNI_ARG_UNUSED(conn);
+ NNI_ARG_UNUSED(certp);
+ return (NNG_ENOTSUP);
+#endif
+}
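Review bot: The new public `nng_http_peer_cert` has no comment stating its contract, and it is the call applications will use to make identity decisions about the peer. A comment above the definition should say who owns and must release `*certp`, that `NNG_ENOTSUP` is returned when HTTP support is compiled out, and what the caller gets on a connection without TLS or without a peer certificate. It should also say whether the returned certificate has passed chain validation or is only what the peer presented, since that presumably depends on the TLS auth mode configured elsewhere. Something like `// Returns the peer's TLS certificate; on success the caller owns *certp. Its fields are only trustworthy if peer verification was required.` would do, once confirmed against the stream implementation.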