From 06d6d80f8c92ef1d3bd7c00c919e10a411183cb3 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Sun, 5 Oct 2025 16:51:15 -0700
Subject: fixes #2173 New TLS cert API - replaces the properties for CN and ALTNAMES. This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN properties, and gives a bit more access to the certificate, as well as direct access to the raw DER form, which should allow use in other APIs.
---
 src/supplemental/tls/tls_stream.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
(limited to 'src/supplemental/tls/tls_stream.c')
diff --git a/src/supplemental/tls/tls_stream.c b/src/supplemental/tls/tls_stream.c
index 4a033887..d3dd9497 100644
--- a/src/supplemental/tls/tls_stream.c
+++ b/src/supplemental/tls/tls_stream.c
@@ -15,6 +15,7 @@
 #include "../../core/nng_impl.h"
+#include "nng/nng.h"
 #include "tls_common.h"
 #include "tls_engine.h"
 #include "tls_stream.h"
@@ -142,6 +143,7 @@ tls_stream_conn_cb(void *arg)
 static nng_err tls_stream_get( void *arg, const char *name, void *buf, size_t *szp, nni_type t);
+static nng_err tls_stream_peer_cert(void *arg, nng_tls_cert **);
 int
 nni_tls_stream_alloc(tls_stream **tsp, nng_tls_config *cfg, nng_aio *user_aio)
@@ -160,12 +162,13 @@ nni_tls_stream_alloc(tls_stream **tsp, nng_tls_config *cfg, nng_aio *user_aio)
 ts->user_aio = user_aio;
 // NB: free is exposed for benefit of dialer/listener
- ts->stream.s_free = nni_tls_stream_free;
- ts->stream.s_close = tls_stream_close;
- ts->stream.s_stop = tls_stream_stop;
- ts->stream.s_send = tls_stream_send;
- ts->stream.s_recv = tls_stream_recv;
- ts->stream.s_get = tls_stream_get;
+ ts->stream.s_free = nni_tls_stream_free;
+ ts->stream.s_close = tls_stream_close;
+ ts->stream.s_stop = tls_stream_stop;
+ ts->stream.s_send = tls_stream_send;
+ ts->stream.s_recv = tls_stream_recv;
+ ts->stream.s_get = tls_stream_get;
+ ts->stream.s_peer_cert = tls_stream_peer_cert;
 nni_aio_init(&ts->conn_aio, tls_stream_conn_cb, ts);
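Review bot: The forward declaration added in the second hunk leaves its second parameter unnamed (`nng_tls_cert **`), while the tls_stream_get prototype directly above it names every parameter. Naming it to match the definition added further down, `static nng_err tls_stream_peer_cert(void *arg, nng_tls_cert **certp);`, keeps the two prototypes consistent and shows at a glance that it is an out-parameter.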
@@ -200,6 +203,13 @@ tls_get_peer_cn(void *arg, void *buf, size_t *szp, nni_type t)
 return (NNG_OK);
 }
+static nng_err
+tls_stream_peer_cert(void *arg, nng_tls_cert **certp)
+{
+ tls_stream *ts = arg;
+ return (nni_tls_peer_cert(&ts->conn, certp));
+}
+
 static const nni_option tls_stream_options[] = { { .o_name = NNG_OPT_TLS_VERIFIED,
-- cgit v1.2.3-70-g09d2
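Review bot: tls_stream_peer_cert has no comment stating what a caller may assume about the certificate it returns, and the function simply forwards to nni_tls_peer_cert with no check of its own. The commit message says this replaces the CN and ALTNAMES properties, so callers will presumably read identity fields from the result. Whether nni_tls_peer_cert withholds a certificate that was not verified is not visible in this diff. I would add a header comment such as `// Fetch the peer certificate into *certp. A certificate being present does not mean it was verified: check NNG_OPT_TLS_VERIFIED before using its subject or alternative names for authorization.` The comment should also state who owns `*certp` and what is returned before the handshake completes, once that is confirmed against nni_tls_peer_cert.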