From 06d6d80f8c92ef1d3bd7c00c919e10a411183cb3 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore <garrett@damore.org>
Date: Sun, 5 Oct 2025 16:51:15 -0700
Subject: fixes #2173 New TLS cert API - replaces the properties for CN and
 ALTNAMES.

This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN
properties, and gives a bit more access to the certificate, as well as
direct access to the raw DER form, which should allow use in other APIs.
---
 src/core/stream.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'src/core/stream.c')

diff --git a/src/core/stream.c b/src/core/stream.c
index e0da3582..61a8a3ba 100644
--- a/src/core/stream.c
+++ b/src/core/stream.c
@@ -12,12 +12,13 @@
 
 #include <string.h>
 
-#include "core/nng_impl.h"
+#include "nng_impl.h"
 
-#include "core/sockfd.h"
-#include "core/tcp.h"
-#include "supplemental/tls/tls_api.h"
-#include "supplemental/websocket/websocket.h"
+#include "sockfd.h"
+#include "tcp.h"
+
+#include "../supplemental/tls/tls_api.h"
+#include "../supplemental/websocket/websocket.h"
 
 static struct {
 	const char *scheme;
@@ -384,6 +385,15 @@ nng_stream_get_addr(nng_stream *s, const char *n, nng_sockaddr *v)
 	return (nni_stream_get(s, n, v, NULL, NNI_TYPE_SOCKADDR));
 }
 
+nng_err
+nng_stream_peer_cert(nng_stream *s, nng_tls_cert **certp)
+{
+	if (s->s_peer_cert == NULL) {
+		return (NNG_ENOTSUP);
+	}
+	return (s->s_peer_cert(s, certp));
+}
+
 nng_err
 nng_stream_dialer_get_int(nng_stream_dialer *d, const char *n, int *v)
 {
-- 
cgit v1.2.3-70-g09d2