From 8e1836f57e8bcdb228dd5baadc71dfbf30b544e0 Mon Sep 17 00:00:00 2001
From: Christian Fischbach
Date: Thu, 9 Feb 2023 00:48:17 +0100
Subject: Get common name and subject alternative names of peer certificate (#1617)

Co-authored-by: Christian Fischbach
---
 include/nng/nng.h                     | 13 +++++++++++++
 include/nng/supplemental/tls/engine.h |  8 ++++++++
 2 files changed, 21 insertions(+)

(limited to 'include')

diff --git a/include/nng/nng.h b/include/nng/nng.h
index 811cb456..5bb320b6 100644
--- a/include/nng/nng.h
+++ b/include/nng/nng.h
@@ -755,6 +755,19 @@ NNG_DECL nng_listener nng_pipe_listener(nng_pipe);
 // peer authentication is disabled with `NNG_TLS_AUTH_MODE_NONE`.
 #define NNG_OPT_TLS_VERIFIED "tls-verified"
 
+// NNG_OPT_TLS_PEER_CN returns the string with the common name
+// of the peer certificate. Typically this is read-only and
+// only available for pipes. This option may return incorrect results if
+// peer authentication is disabled with `NNG_TLS_AUTH_MODE_NONE`.
+#define NNG_OPT_TLS_PEER_CN "tls-peer-cn"
+
+// NNG_OPT_TLS_PEER_ALT_NAMES returns string list with the
+// subject alternative names of the peer certificate. Typically this is
+// read-only and only available for pipes. This option may return
+// incorrect results if peer authentication is disabled with
+// `NNG_TLS_AUTH_MODE_NONE`.
+#define NNG_OPT_TLS_PEER_ALT_NAMES "tls-peer-alt-names"
+
 // TCP options. These may be supported on various transports that use
 // TCP underneath such as TLS, or not.
 
diff --git a/include/nng/supplemental/tls/engine.h b/include/nng/supplemental/tls/engine.h
index 81385fbc..309d83c5 100644
--- a/include/nng/supplemental/tls/engine.h
+++ b/include/nng/supplemental/tls/engine.h
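Review bot: The comments on `NNG_OPT_TLS_PEER_CN` and `NNG_OPT_TLS_PEER_ALT_NAMES` describe the `NNG_TLS_AUTH_MODE_NONE` case as "incorrect results", but the actual hazard is that the names are then copied from a certificate nobody verified, so a peer can present a self-signed certificate carrying any name it likes; the doc should tie trustworthiness of the value to `NNG_OPT_TLS_VERIFIED`. Suggested replacement for that sentence on both options: `// The value is copied from the certificate the peer presented and is only` / `// authenticated when NNG_OPT_TLS_VERIFIED is true; do not base authorization` / `// decisions on it otherwise.` The comments also leave unstated who owns the returned string (presumably the caller, releasing it with `nng_strfree`), how the alternative-name list is terminated and released, and what the option returns when the peer sent no certificate at all — each should be spelled out, since a caller cannot free a list whose shape is unspecified. `nng_pipe_listener` appears only in the hunk header; the neighbouring declarations are outside the hunk.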
@@ -80,6 +80,14 @@ typedef struct nng_tls_engine_conn_ops_s {
 	// verified returns true if the connection is fully
 	// TLS verified, false otherwise.
 	bool (*verified)(nng_tls_engine_conn *);
+
+	// peer_cn returns the common name of the peer
+	// The return string needs to be freed.
+	char *(*peer_cn)(nng_tls_engine_conn *);
+
+	// peer_alt_names returns the subject alternative names.
+	// The return string list and its strings need to be freed.
+	char **(*peer_alt_names)(nng_tls_engine_conn *);
 } nng_tls_engine_conn_ops;
 
 typedef struct nng_tls_engine_config_ops_s {
-- 
cgit v1.2.3-70-g09d2
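Review bot: The new `peer_cn` and `peer_alt_names` members document only that the results "need to be freed", which is not enough for the core to release them safely: the comments should fix the allocator the engine must use (presumably `nng_strdup`/`nng_alloc`, released with `nng_strfree` per entry and `nng_free` for the array), state how the array is terminated (a trailing NULL entry, since the caller has no count), and say what a NULL return means — no peer certificate versus allocation failure. A `char *` also cannot carry a common name with an embedded NUL byte, so engine implementations should compare the DER string length against `strlen` of the copy and reject a mismatch rather than silently truncating a name like `good.example\0evil.example`. Because alternative names of different types (DNS, IP, email, URI) are flattened into one list, a consumer matching an entry against a hostname cannot tell a DNS name from an email SAN; either restrict the list to DNS names or say in the comment that it is untyped. Proposed comment for `peer_alt_names`: `// peer_alt_names returns the subject alternative names as a NULL-terminated` / `// array allocated with nng_alloc/nng_strdup; the caller releases entries with` / `// nng_strfree and the array with nng_free. NULL means no peer certificate.` `nng_tls_engine_conn_ops_s` begins before the hunk and `nng_tls_engine_config_ops_s` continues after it.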