From: Alex Landau
Date: Thu, 1 Oct 2015 22:35:37 +0000 (-0700)
Subject: thrift-tls: Expose client common name in connection context
X-Git-Tag: deprecate-dynamic-initializer~364
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=17b973baa8c4a5fc9f80807b2ddfe874c7cc4bb0;p=folly.git

thrift-tls: Expose client common name in connection context
Summary: Server can find out client's common name through Cpp2ConnContext::getPeerCommonName
Reviewed By: @siyengar
Differential Revision: D2469588
---
diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 6385eef5..6fead846 100644
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -80,6 +80,7 @@ class SSLException: public folly::AsyncSocketException {
 class AsyncSSLSocket : public virtual AsyncSocket {
 public:
 typedef std::unique_ptr UniquePtr;
+ using X509_deleter = folly::static_function_deleter;
 class HandshakeCB {
 public:
@@ -730,6 +731,18 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 void setReadCB(ReadCallback* callback) override;
+ /**
+ * Returns the peer certificate, or nullptr if no peer certificate received.
+ */
+ std::unique_ptr getPeerCert() const {
+ if (!ssl_) {
+ return nullptr;
+ }
+
+ X509* cert = SSL_get_peer_certificate(ssl_);
+ return std::unique_ptr(cert);
+ }
+
 private:
 void init();
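Review bot: The doc comment on `getPeerCert()` in the second hunk should say that a returned certificate is not necessarily a verified one, because `SSL_get_peer_certificate` returns whatever the peer presented regardless of the verification result. The commit message says the server will read the client's common name through this accessor, so a caller that treats that name as an identity depends on the handshake having required and verified the client certificate, or on checking `SSL_get_verify_result(ssl_) == X509_V_OK` itself; whether either happens is not visible in this hunk. I would add `* The certificate is returned even if it was not verified; do not use it for identity unless peer verification was required and succeeded.` to the comment. It is also worth stating that the returned pointer holds its own reference to the certificate, presumably released through the `X509_deleter` alias added in the first hunk (the template arguments are not visible in this rendering).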