[openssl-users] Fwd: SSL_get_certificate()

Viktor Dukhovni openssl-users at dukhovni.org
Sat Nov 4 23:39:00 UTC 2017

> On Nov 4, 2017, at 7:11 PM, Jeremy Harris <jgh at wizmail.org> wrote:
> 1.0.2k fips.

I hope you're not enabling, or at least not voluntarily enabling
FIPS mode, but that's off-topic...

> Server, having loaded two certs (one rsa, one ecdsa) using
> SSL_CTX_use_certificate_chain_file().
> After SSL_accept(), call SSL_get_certificate() to see what
> cert was presented.

The negotiated certificate is only populated in the server SSL
handle when you've registered a TLS status callback.  See


> What should I be doing different?

For now, instantiate the callback.  I think we should look into
changing the behaviour at some point to always make this available
at the completion of the handshake.  And document
SSL_get_certificate().  Feel free to open an issue on Github...

