From 8e1836f57e8bcdb228dd5baadc71dfbf30b544e0 Mon Sep 17 00:00:00 2001 From: Christian Fischbach Date: Thu, 9 Feb 2023 00:48:17 +0100 Subject: Get common name and subject alternative names of peer certificate (#1617) Co-authored-by: Christian Fischbach --- docs/man/nng_tls.7.adoc | 2 ++ docs/man/nng_tls_options.5.adoc | 24 ++++++++++++++++++------ docs/man/nng_ws.7.adoc | 9 +++++++++ 3 files changed, 29 insertions(+), 6 deletions(-) (limited to 'docs/man') diff --git a/docs/man/nng_tls.7.adoc b/docs/man/nng_tls.7.adoc index 24fbc5f9..017af4fc 100644 --- a/docs/man/nng_tls.7.adoc +++ b/docs/man/nng_tls.7.adoc @@ -127,6 +127,8 @@ Note that setting these must be done before the transport is started. * xref:nng_tls_options.5.adoc#NNG_OPT_TLS_CERT_KEY_FILE[`NNG_OPT_TLS_CERT_KEY_FILE`] * xref:nng_tls_options.5.adoc#NNG_OPT_TLS_CONFIG[`NNG_OPT_TLS_CONFIG`] * xref:nng_tls_options.5.adoc#NNG_OPT_TLS_VERIFIED[`NNG_OPT_TLS_VERIFIED_`] +* xref:nng_tls_options.5.adoc#NNG_OPT_TLS_PEER_CN[`NNG_OPT_TLS_PEER_CN`] +* xref:nng_tls_options.5.adoc#NNG_OPT_TLS_PEER_ALT_NAMES[`NNG_OPT_TLS_PEER_ALT_NAMES`] * xref:nng_options.5.adoc#NNG_OPT_URL[`NNG_OPT_URL`] == SEE ALSO diff --git a/docs/man/nng_tls_options.5.adoc b/docs/man/nng_tls_options.5.adoc index e2db237f..a06a600f 100644 --- a/docs/man/nng_tls_options.5.adoc +++ b/docs/man/nng_tls_options.5.adoc 
@@ -20,12 +20,14 @@ nng_tls_options - TLS-specific options ---- #include -#define NNG_OPT_TLS_AUTH_MODE "tls-authmode" -#define NNG_OPT_TLS_CA_FILE "tls-ca-file" -#define NNG_OPT_TLS_CERT_KEY_FILE "tls-cert-key-file" -#define NNG_OPT_TLS_CONFIG "tls-config" -#define NNG_OPT_TLS_SERVER_NAME "tls-server-name" -#define NNG_OPT_TLS_VERIFIED "tls-verified" +#define NNG_OPT_TLS_AUTH_MODE "tls-authmode" +#define NNG_OPT_TLS_CA_FILE "tls-ca-file" +#define NNG_OPT_TLS_CERT_KEY_FILE "tls-cert-key-file" +#define NNG_OPT_TLS_CONFIG "tls-config" +#define NNG_OPT_TLS_SERVER_NAME "tls-server-name" +#define NNG_OPT_TLS_VERIFIED "tls-verified" +#define NNG_OPT_TLS_PEER_CN "tls-peer-cn" +#define NNG_OPT_TLS_PEER_ALT_NAMES "tls-peer-alt-names" ---- == DESCRIPTION @@ -91,6 +93,16 @@ This read-only option indicates whether the remote peer has been properly verifi authentication. May return incorrect results if peer authentication is disabled. +[[NNG_OPT_TLS_PEER_CN]]((`NNG_OPT_TLS_PEER_CN`)):: +(string) +This read-only option returns the common name of the peer certificate. +May return incorrect results if peer authentication is disabled. + +[[NNG_OPT_TLS_PEER_ALT_NAMES]]((`NNG_OPT_TLS_PEER_ALT_NAMES`)):: +(string) +This read-only option returns string list with the subject alternative names of the +peer certificate. May return incorrect results if peer authentication is disabled. + === Inherited Options Generally, the following option values are also available for TLS objects, diff --git a/docs/man/nng_ws.7.adoc b/docs/man/nng_ws.7.adoc index 349955b1..171ec934 100644 --- a/docs/man/nng_ws.7.adoc +++ b/docs/man/nng_ws.7.adoc 
@@ -199,6 +199,15 @@ more details. authentication. May return incorrect results if peer authentication is disabled. +`NNG_OPT_TLS_PEER_CN`:: +(string) This read-only option returns the common name of the peer certificate. +May return incorrect results if peer authentication is disabled. + +`NNG_OPT_TLS_PEER_ALT_NAMES`:: +(string list) returns string list with the subject alternative names of the +peer certificate. May return incorrect results if peer authentication +is disabled. + // We should also look at a hook mechanism for listeners. Probably this could // look like NNG_OPT_WS_LISTEN_HOOK_FUNC which would take a function pointer // along the lines of int hook(void *, char *req_headers, char **res_headers), -- cgit v1.2.3-70-g09d2
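Review bot: in docs/man/nng_tls_options.5.adoc (hunk at -91,6 +93,16), the `NNG_OPT_TLS_PEER_ALT_NAMES` entry is typed `(string)` while its own text says it "returns string list", and the matching entry added to nng_ws.7.adoc is typed `(string list)`. Pick one type and document how the names are delivered (how elements are separated or laid out, and who owns and frees the result), because a caller cannot parse the value from this description. Both new entries repeat "May return incorrect results if peer authentication is disabled"; since these names are what an application would compare against an expected identity, the text should say that the values are only meaningful when peer authentication is required and `NNG_OPT_TLS_VERIFIED` reports the peer as verified. Minor wording: "returns string list" should read "returns a list of strings".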
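Review bot: in docs/man/nng_ws.7.adoc (hunk at -199,6 +199,15), the `NNG_OPT_TLS_PEER_ALT_NAMES` entry reads "(string list) returns string list with the subject alternative names" and drops the "This read-only option" lead that the `NNG_OPT_TLS_PEER_CN` entry directly above it uses, so the read-only property is not stated for it. Suggest "(string list) This read-only option returns a list of the subject alternative names of the peer certificate." The two entries also restate the nng_tls_options.5.adoc text with a different type for the alt-names option; linking to that page with an xref, as the nng_tls.7.adoc hunk does, would keep the two descriptions from drifting.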