From 342ce9ee33b13a2b108b57724f92a98420862971 Mon Sep 17 00:00:00 2001
From: Anirudh Ramachandran
Date: Fri, 29 Jul 2016 12:20:33 -0700
Subject: [PATCH] Add a const getter for X509 used in handshake (server-side)

Summary: Similar to other getters such as getSSLCertSize, but returns a const X509*. This may be useful to get cert parameters after handshake is complete (or in error).

Reviewed By: yfeldblum

Differential Revision: D3636598

fbshipit-source-id: 98f0e2987de53d6343541ef0ed588f9ad18390cd
---
 folly/io/async/AsyncSSLSocket.cpp | 4 ++++
 folly/io/async/AsyncSSLSocket.h   | 5 +++++
 folly/io/async/AsyncTransport.h   | 7 +++++++
 3 files changed, 16 insertions(+)

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 572d8800..a326ca5c 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -880,6 +880,10 @@ int AsyncSSLSocket::getSSLCertSize() const {
   return certSize;
 }
 
+const X509* AsyncSSLSocket::getSelfCert() const {
+  return (ssl_ != nullptr) ? SSL_get_certificate(ssl_) : nullptr;
+}
+
 bool AsyncSSLSocket::willBlock(int ret,
                               int* sslErrorOut,
                               unsigned long* errErrorOut) noexcept {
diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index eb6251c7..0efd73bd 100644
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -457,6 +457,11 @@ class AsyncSSLSocket : public virtual AsyncSocket {
    */
   int getSSLCertSize() const;
 
+  /**
+   * Get the certificate used for this SSL connection. May be null
+   */
+  virtual const X509* getSelfCert() const override;
+
   virtual void attachEventBase(EventBase* eventBase) override {
     AsyncSocket::attachEventBase(eventBase);
     handshakeTimeout_.attachEventBase(eventBase);
diff --git a/folly/io/async/AsyncTransport.h b/folly/io/async/AsyncTransport.h
index d421bb6b..632a782b 100644
--- a/folly/io/async/AsyncTransport.h
+++ b/folly/io/async/AsyncTransport.h
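Review bot: The `X509*` that `SSL_get_certificate(ssl_)` hands back in the new `getSelfCert` is owned by the SSL object and is not up-ref'd, so the result is only a borrow that dangles once `ssl_` is freed, and neither the declaration comment in AsyncSSLSocket.h nor the base default in AsyncTransport.h (the other two hunks) says so, even though the sibling `getPeerCert` returns an owning `ssl::X509UniquePtr`. Since the commit message advertises reading the certificate "in error", a caller that stashes the pointer across the error path is the case to warn about; a caller needing a longer-lived handle should take its own reference into an `ssl::X509UniquePtr` while the socket still holds its SSL object. I would also hedge the phrase "used for this SSL connection": `SSL_get_certificate` reports the certificate currently configured on the SSL object, which before the handshake completes, or where a certificate-selection callback swaps certificates, may not be the one the peer was actually sent — please confirm against the OpenSSL versions folly targets. Suggested doc for both declarations: `Returns a non-owning pointer to the local certificate configured on the underlying SSL object, or nullptr if there is none; the pointer is valid only while this socket holds its SSL object and must not be freed by the caller.`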
@@ -326,6 +326,13 @@ class AsyncTransport : public DelayedDestruction, public AsyncSocketBase {
    */
   virtual ssl::X509UniquePtr getPeerCert() const { return nullptr; }
 
+  /**
+   * The local certificate used for this connection. May be null
+   */
+  virtual const X509* getSelfCert() const {
+    return nullptr;
+  }
+
   /**
    * @return True iff end of record tracking is enabled
    */
-- 
2.34.1
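Review bot: The base-class default of `getSelfCert` returning nullptr makes "this transport has no local certificate" indistinguishable from "this transport is not TLS at all" for a caller holding an `AsyncTransport*`, and the comment "May be null" does not tell the reader which overrides exist or what null means here. Callers that gate behaviour on the result (e.g. treating a non-null certificate as proof that the connection is authenticated) need the comment to state that only SSL transports are expected to override it and that a null result carries no further meaning. Suggested block comment: `The local certificate in use on this transport, if any. Non-SSL transports return nullptr; a null result therefore does not distinguish "no certificate" from "no TLS on this transport".` The bare `X509` name is presumably already visible here through whatever header supplies `ssl::X509UniquePtr` on the line above, but the hunk does not show that include, so worth confirming it builds in translation units that include only this header.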