Function esp_idf_sys::mbedtls_ssl_get_peer_cert
source · pub unsafe extern "C" fn mbedtls_ssl_get_peer_cert(
ssl: *const mbedtls_ssl_context,
) -> *const mbedtls_x509_crt
Expand description
\brief Return the peer certificate from the current connection.
\param ssl The SSL context to use. This must be initialized and setup.
\return The current peer certificate, if available. The returned certificate is owned by the SSL context and is valid only until the next call to the SSL API. \return \c NULL if no peer certificate is available. This might be because the chosen ciphersuite doesn’t use CRTs (PSK-based ciphersuites, for example), or because #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled, allowing the stack to free the peer’s CRT to save memory.
\note For one-time inspection of the peer’s certificate during the handshake, consider registering an X.509 CRT verification callback through mbedtls_ssl_conf_verify() instead of calling this function. Using mbedtls_ssl_conf_verify() also comes at the benefit of allowing you to influence the verification process, for example by masking expected and tolerated verification failures.
\warning You must not use the pointer returned by this function after any further call to the SSL API, including mbedtls_ssl_read() and mbedtls_ssl_write(); this is because the pointer might change during renegotiation, which happens transparently to the user. If you want to use the certificate across API calls, you must make a copy.