From 17b973baa8c4a5fc9f80807b2ddfe874c7cc4bb0 Mon Sep 17 00:00:00 2001
From: Alex Landau
Date: Thu, 1 Oct 2015 15:35:37 -0700
Subject: [PATCH] thrift-tls: Expose client common name in connection context

Summary: Server can find out client's common name through Cpp2ConnContext::getPeerCommonName
Reviewed By: @siyengar
Differential Revision: D2469588
---
 folly/io/async/AsyncSSLSocket.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 6385eef5..6fead846 100644
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -80,6 +80,7 @@ class SSLException: public folly::AsyncSocketException {
 class AsyncSSLSocket : public virtual AsyncSocket {
 public:
 typedef std::unique_ptr UniquePtr;
+ using X509_deleter = folly::static_function_deleter;
 class HandshakeCB {
 public:
@@ -730,6 +731,18 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 void setReadCB(ReadCallback* callback) override;
+ /**
+ * Returns the peer certificate, or nullptr if no peer certificate received.
+ */
+ std::unique_ptr getPeerCert() const {
+ if (!ssl_) {
+ return nullptr;
+ }
+
+ X509* cert = SSL_get_peer_certificate(ssl_);
+ return std::unique_ptr(cert);
+ }
+
 private:
 void init();
--
2.34.1
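Review bot: The doc comment on getPeerCert() in the second hunk does not say that the certificate is returned as the peer presented it, whether or not chain verification was required or succeeded; SSL_get_peer_certificate() does not depend on the verify result. Because the commit exists so a server can read the client's common name, a caller that treats that name as an authenticated identity while verification is optional, or is overridden by a verify callback, would be trusting an unverified subject. I would add `* The certificate is returned as presented; its subject is only trustworthy if peer verification was required and succeeded.` to the comment. The template arguments of the `std::unique_ptr` return type and of `X509_deleter` in the first hunk appear to have been stripped on this page, so the ownership contract (presumably a caller-owned reference released through the deleter) should be confirmed against the file and stated in the comment as well. The enclosing class begins and ends outside both hunks.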