Subject: Add an API for servers to get at their own certificate
The ->get_fingerprint and various related methods allow easy access from an SSL *client* to access information about the certificate the server presented them.
However, on the server side of the socket there's no easy way to get at my own cert.
I have some server code in which I have to get the fingerprint of the certificate being used to talk to a client, and currently it has to do the following ugly hackery:

    my $ssl = $sock->_get_ssl_object; # gut-wrench
    my $cert = Net::SSLeay::get_certificate( $ssl );
    my $algo = "sha256";
    my $fingerprint = Net::SSLeay::X509_digest( $cert, Net::SSLeay::EVP_get_digestbyname( $algo ) );

I don't so much object to calling documented Net::SSLeay functions to get the fingerprint of a given certificate, but I couldn't work out how to get at my own certificate out of the socket object in the first place, hence the first two lines.
Maybe there could be a method added similar to ->peer_certificate, which could simplify this to

    my $cert = $sock->get_self_certificate;

Or maybe steal the peer/sock naming pair convention from lower levels of the socket stack and call it

    my $cert = $sock->get_sock_certificate;

--
Paul Evans