thrift-tls: Expose client common name in connection context
authorAlex Landau <alandau@fb.com>
Thu, 1 Oct 2015 22:35:37 +0000 (15:35 -0700)
committerfacebook-github-bot-1 <folly-bot@fb.com>
Thu, 1 Oct 2015 23:20:18 +0000 (16:20 -0700)
Summary: The server can find out the client's common name through
Cpp2ConnContext::getPeerCommonName

Reviewed By: @siyengar

Differential Revision: D2469588

folly/io/async/AsyncSSLSocket.h

index 6385eef50338ffccca33f2e643f4b00b88db827d..6fead8468d60fb1b97dfb2f88bc392f4a54bbde9 100644 (file)
@@ -80,6 +80,7 @@ class SSLException: public folly::AsyncSocketException {
 class AsyncSSLSocket : public virtual AsyncSocket {
  public:
   typedef std::unique_ptr<AsyncSSLSocket, Destructor> UniquePtr;
+  using X509_deleter = folly::static_function_deleter<X509, &X509_free>;
 
   class HandshakeCB {
    public:
@@ -730,6 +731,18 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 
   void setReadCB(ReadCallback* callback) override;
 
+  /**
+   * Returns the peer certificate, or nullptr if no peer certificate received.
+   */
+  std::unique_ptr<X509, X509_deleter> getPeerCert() const {
+    if (!ssl_) {
+      return nullptr;
+    }
+
+    X509* cert = SSL_get_peer_certificate(ssl_);
+    return std::unique_ptr<X509, X509_deleter>(cert);
+  }
+
  private:
 
   void init();
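Review bot: The doc comment on getPeerCert says nothing about whether the returned certificate was verified, yet the summary says the server derives the client's common name from it; the X509 is simply whatever the peer presented, so a caller that treats any of its fields as an authenticated identity must also confirm the handshake's verification outcome (e.g. `SSL_get_verify_result(ssl_)`, or the verification mode the socket was configured with). Suggest extending the comment to `Returns the peer certificate, or nullptr if there is no SSL object or no peer certificate was received. The certificate is as presented by the peer; it only identifies the peer if certificate verification succeeded during the handshake.` The nullptr return for a null `ssl_` on the first branch is also missing from the current wording. The `X509_free` deleter is the right balance for the reference that `SSL_get_peer_certificate` hands out, so ownership looks correct; a brace form `return std::unique_ptr<X509, X509_deleter>{cert};` would merely match the file's modern style. The enclosing class continues past this hunk.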