.\"
.\"	$OpenBSD: SSL_get_peer_cert_chain.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
.\"
.Dd $Mdocdate: December 2 2014 $
.Dt SSL_GET_PEER_CERT_CHAIN 3
.Os
.Sh NAME
.Nm SSL_get_peer_cert_chain
.Nd get the X509 certificate chain of the peer
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft STACK_OF(X509) *
.Fn SSL_get_peer_cert_chain "const SSL *ssl"
.Sh DESCRIPTION
.Fn SSL_get_peer_cert_chain
returns a pointer to
.Dv STACK_OF Ns Po Vt X509 Pc
certificates forming the certificate chain of the peer.
If called on the client side, the stack also contains the peer's certificate;
if called on the server side, the peer's certificate must be obtained
separately using
.Xr SSL_get_peer_certificate 3 .
If the peer did not present a certificate,
.Dv NULL
is returned.
.Sh NOTES
The peer certificate chain is not necessarily available after reusing a
session, in which case a
.Dv NULL
pointer is returned.
.Pp
The reference count of the
.Dv STACK_OF Ns Po Vt X509 Pc
object is not incremented.
If the corresponding session is freed, the pointer must not be used any longer.
.Sh RETURN VALUES
The following return values can occur:
.Bl -tag -width Ds
.It Dv NULL
No certificate was presented by the peer or no connection was established or
the certificate chain is no longer available when a session is reused.
.It Pointer to a Dv STACK_OF Ns Po X509 Pc
The return value points to the certificate chain presented by the peer.
.El
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_get_peer_certificate 3