X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=src%2Ftcpip.c;h=64942aeee390622b10c194388a5bc8a853f78877;hb=d0a4d2462d57a0392daf2eb0dc053d91aff5d285;hp=610e6ce390a7d1129c657e301c18727ad9ff0949;hpb=c1f23597ea64485e2362d658f3653211202cc6a8;p=yaz-moved-to-github.git

diff --git a/src/tcpip.c b/src/tcpip.c
index 610e6ce..64942ae 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -1510,7 +1510,40 @@ int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
 
 int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
 {
-    /* doesn't do anything for GNUTLS */
+
+#if HAVE_GNUTLS_H
+#if USE_GNUTLS_X509_CRT_PRINT
+    struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+    if (cs->type == ssl_type && sp->session)
+    {
+        const gnutls_datum_t *cert_list;
+        unsigned cert_list_size;
+        if (gnutls_certificate_type_get(sp->session) != GNUTLS_CRT_X509)
+            return 0;
+        cert_list = gnutls_certificate_get_peers(sp->session, &cert_list_size);
+        if (cert_list_size > 0)
+        {
+            gnutls_x509_crt_t cert;
+            int ret;
+            gnutls_datum_t cinfo;
+
+            gnutls_x509_crt_init(&cert);
+            gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+
+            ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &cinfo);
+            if (ret == 0)
+            {
+                *buf = xstrdup((char *) cinfo.data);
+                *len = strlen(*buf);
+                gnutls_free(cinfo.data);
+                gnutls_x509_crt_deinit(cert);
+                return 1;
+            }
+            gnutls_x509_crt_deinit(cert);
+        }
+    }
+#endif
+#endif
     return 0;
 }