Diffstat (limited to 'src/sp/transport/tls')
-rw-r--r--src/sp/transport/tls/tls.c27
-rw-r--r--src/sp/transport/tls/tls_tran_test.c30
2 files changed, 43 insertions, 14 deletions
diff --git a/src/sp/transport/tls/tls.c b/src/sp/transport/tls/tls.c
index 0bd4c284..528b05ec 100644
--- a/src/sp/transport/tls/tls.c
+++ b/src/sp/transport/tls/tls.c
@@ -952,6 +952,14 @@ tlstran_pipe_getopt(
return (rv);
}
+static nng_err
+tlstran_pipe_peer_cert(void *arg, nng_tls_cert **certp)
+{
+ tlstran_pipe *p = arg;
+
+ return (nng_stream_peer_cert(p->tls, certp));
+}
+
static size_t
tlstran_pipe_size(void)
{
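Review bot: tlstran_pipe_peer_cert has no comment saying who owns `*certp` or what a caller may conclude from a successful return. The test in this commit releases the certificate with nng_tls_cert_free, so the caller appears to own it, and that should be stated on the function. The function only forwards to nng_stream_peer_cert on `p->tls` and performs no validation itself, so whether the returned certificate was actually verified presumably depends on the TLS configuration's auth mode; a comment such as `/* Returns the peer's certificate in *certp; caller frees it with nng_tls_cert_free(). Success does not by itself mean the chain was verified. */` would keep callers from treating it as an authentication result. The error returned when the peer presented no certificate is not visible here and is worth documenting as well.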
@@ -959,15 +967,16 @@ tlstran_pipe_size(void)
}
static nni_sp_pipe_ops tlstran_pipe_ops = {
- .p_size = tlstran_pipe_size,
- .p_init = tlstran_pipe_init,
- .p_fini = tlstran_pipe_fini,
- .p_stop = tlstran_pipe_stop,
- .p_send = tlstran_pipe_send,
- .p_recv = tlstran_pipe_recv,
- .p_close = tlstran_pipe_close,
- .p_peer = tlstran_pipe_peer,
- .p_getopt = tlstran_pipe_getopt,
+ .p_size = tlstran_pipe_size,
+ .p_init = tlstran_pipe_init,
+ .p_fini = tlstran_pipe_fini,
+ .p_stop = tlstran_pipe_stop,
+ .p_send = tlstran_pipe_send,
+ .p_recv = tlstran_pipe_recv,
+ .p_close = tlstran_pipe_close,
+ .p_peer = tlstran_pipe_peer,
+ .p_getopt = tlstran_pipe_getopt,
+ .p_peer_cert = tlstran_pipe_peer_cert,
};
static nni_option tlstran_ep_options[] = {
diff --git a/src/sp/transport/tls/tls_tran_test.c b/src/sp/transport/tls/tls_tran_test.c
index 73c299c8..1b69c65f 100644
--- a/src/sp/transport/tls/tls_tran_test.c
+++ b/src/sp/transport/tls/tls_tran_test.c
@@ -227,11 +227,31 @@ test_tls_pipe_details(void)
p = nng_msg_get_pipe(msg);
NUTS_TRUE(nng_pipe_id(p) >= 0);
#if !defined(NNG_TLS_ENGINE_WOLFSSL) || defined(NNG_WOLFSSL_HAVE_PEER_CERT)
- char *cn;
- NUTS_PASS(nng_pipe_get_string(p, NNG_OPT_TLS_PEER_CN, &cn));
- NUTS_ASSERT(cn != NULL);
- NUTS_MATCH(cn, "127.0.0.1");
- nng_strfree(cn);
+ nng_tls_cert *cert;
+ char *name;
+ NUTS_PASS(nng_pipe_peer_cert(p, &cert));
+ NUTS_PASS(nng_tls_cert_subject(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SUBJECT: %s", name);
+ NUTS_PASS(nng_tls_cert_issuer(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "ISSUER: %s", name);
+ NUTS_PASS(nng_tls_cert_serial_number(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SERIAL: %s", name);
+ NUTS_PASS(nng_tls_cert_subject_cn(cert, &name));
+ NUTS_MATCH(name, "127.0.0.1");
+ NUTS_PASS(nng_tls_cert_next_alt(cert, &name));
+ nng_log_debug(NULL, "FIRST ALT: %s", name);
+ NUTS_MATCH(name, "localhost");
+ NUTS_FAIL(nng_tls_cert_next_alt(cert, &name), NNG_ENOENT);
+ struct tm when;
+ NUTS_PASS(nng_tls_cert_not_before(cert, &when));
+ nng_log_debug(NULL, "BEGINS: %s", asctime(&when));
+ NUTS_PASS(nng_tls_cert_not_after(cert, &when));
+ nng_log_debug(NULL, "EXPIRES: %s", asctime(&when));
+
+ nng_tls_cert_free(cert);
#endif
nng_msg_free(msg);
NUTS_CLOSE(s2);
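Review bot: `cert` and `name` are declared without initializers and then used after NUTS_PASS checks; if NUTS_PASS records a failure without aborting the test (which the separate NUTS_ASSERT lines suggest), a failed nng_pipe_peer_cert leaves every later getter and nng_tls_cert_free operating on an indeterminate pointer. Declaring `nng_tls_cert *cert = NULL;` and `char *name = NULL;` and adding `NUTS_ASSERT(cert != NULL);` right after the nng_pipe_peer_cert call would make such a failure stop cleanly. The same concern applies to `when`, which reaches asctime() even if nng_tls_cert_not_before or nng_tls_cert_not_after failed. The removed code released its string with nng_strfree, while the new code overwrites `name` on each getter call with no free; if the getters allocate this leaks, and if the strings belong to the certificate a one-line comment saying so would help. test_tls_pipe_details starts and ends outside the hunk.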