From 5a0398df33ef2f0ed66ef4703c13b3edae754bae Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss
Date: Wed, 29 Jan 2014 10:14:16 +0100
Subject: [PATCH] Implement cs_get_peer_certificate_x509 for GnuTLS
---
 include/yaz/comstack.h | 6 +-----
 src/tcpip.c | 35 ++++++++++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/include/yaz/comstack.h b/include/yaz/comstack.h
index d5a2c8e..e4237e6 100644
--- a/include/yaz/comstack.h
+++ b/include/yaz/comstack.h
@@ -137,11 +137,7 @@ YAZ_EXPORT int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
 #endif
 ;
 YAZ_EXPORT int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname);
-YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
-#ifdef __GNUC__
- __attribute__ ((deprecated))
-#endif
- ;
+YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
 YAZ_EXPORT void cs_set_max_recv_bytes(COMSTACK cs, int max_recv_bytes);
 YAZ_EXPORT void cs_print_session_info(COMSTACK cs);
diff --git a/src/tcpip.c b/src/tcpip.c
index 610e6ce..64942ae 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -1510,7 +1510,40 @@ int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
 int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
 {
- /* doesn't do anything for GNUTLS */
+
+#if HAVE_GNUTLS_H
+#if USE_GNUTLS_X509_CRT_PRINT
+ struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+ if (cs->type == ssl_type && sp->session)
+ {
+ const gnutls_datum_t *cert_list;
+ unsigned cert_list_size;
+ if (gnutls_certificate_type_get(sp->session) != GNUTLS_CRT_X509)
+ return 0;
+ cert_list = gnutls_certificate_get_peers(sp->session, &cert_list_size);
+ if (cert_list_size > 0)
+ {
+ gnutls_x509_crt_t cert;
+ int ret;
+ gnutls_datum_t cinfo;
+
+ gnutls_x509_crt_init(&cert);
+ gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+
+ ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &cinfo);
+ if (ret == 0)
+ {
+ *buf = xstrdup((char *) cinfo.data);
+ *len = strlen(*buf);
+ gnutls_free(cinfo.data);
+ gnutls_x509_crt_deinit(cert);
+ return 1;
+ }
+ gnutls_x509_crt_deinit(cert);
+ }
+ }
+#endif
+#endif
 return 0;
 }
--
1.7.10.4
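Review bot: `cert_list_size` is declared without an initialiser and is tested right after `gnutls_certificate_get_peers()`, and `cert_list[0]` is then used without checking the returned pointer; as far as I know GnuTLS does not promise to write the size when it returns NULL, so a session with no peer certificate could reach the import with an indeterminate count and a NULL list. The return values of `gnutls_x509_crt_init()` and `gnutls_x509_crt_import()` are also ignored, so a certificate that fails to import is still handed to `gnutls_x509_crt_print()`. I would initialise the size to 0, test the pointer, and stop when init or import fails, as sketched below. Separately, a short comment above the function stating that `*buf` receives the human-readable `GNUTLS_CRT_PRINT_FULL` text rather than the DER/PEM certificate, and that the caller owns the `xstrdup` copy, would help users of the API now that the deprecation marker is gone.

```c
        const gnutls_datum_t *cert_list;
        unsigned cert_list_size = 0;
        /* … unchanged: certificate type check … */
        cert_list = gnutls_certificate_get_peers(sp->session, &cert_list_size);
        if (cert_list && cert_list_size > 0)
        {
            gnutls_x509_crt_t cert;
            gnutls_datum_t cinfo;

            if (gnutls_x509_crt_init(&cert) != 0)
                return 0;
            if (gnutls_x509_crt_import(cert, &cert_list[0],
                                       GNUTLS_X509_FMT_DER) == 0
                && gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL,
                                         &cinfo) == 0)
            {
                /* … unchanged: copy cinfo into *buf / *len, free, deinit, return 1 … */
            }
            gnutls_x509_crt_deinit(cert);
        }
```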