commit ee0c82789ab87ec0773009a10f3518abf24075f6
author David Benjamin <davidben@chromium.org> Sun Sep 13 01:03:54 2015 -0400
committer Adam Langley <agl@google.com> Mon Sep 14 23:30:54 2015 +0000
tree 48864b0c5282ebb9b574708ef3f512f3e219f94c
parent 27bbae46821b3c50ee26b3f65cc3bb369c5ce5ff

Move SSL_get_peer_* to Connection information.

This is arguably more commonly queried connection information than the
tls-unique.

Change-Id: I1f080536153ba9f178af8e92cb43b03df37110b5
Reviewed-on: https://boringssl-review.googlesource.com/5874
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 34a4c90..06a32df 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -941,6 +941,21 @@
 
 /* Connection information. */
 
+/* SSL_get_peer_certificate returns the peer's leaf certificate or NULL if the
+ * peer did not use certificates. The caller must call |X509_free| on the
+ * result to release it. */
+OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl);
+
+/* SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if
+ * unavailable or the peer did not use certificates. For historical reasons,
+ * this may not be available if resuming a serialized |SSL_SESSION|. The caller
+ * does not take ownership of the result.
+ *
+ * WARNING: This function behaves differently between client and server. If
+ * |ssl| is a server, the returned chain does not include the leaf certificate.
+ * If a client, it does. */
+OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+
 /* SSL_get_tls_unique writes at most |max_out| bytes of the tls-unique value
  * for |ssl| to |out| and sets |*out_len| to the number of bytes written. It
  * returns one on success or zero on error. In general |max_out| should be at
@@ -2380,21 +2395,6 @@
 OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in,
                                                    size_t in_len);
 
-/* SSL_get_peer_certificate returns the peer's leaf certificate or NULL if the
- * peer did not use certificates. The caller must call |X509_free| on the
- * result to release it. */
-OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl);
-
-/* SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if
- * unavailable or the peer did not use certificates. For historical reasons,
- * this may not be available if resuming a serialized |SSL_SESSION|. The caller
- * does not take ownership of the result.
- *
- * WARNING: This function behaves differently between client and server. If
- * |ssl| is a server, the returned chain does not include the leaf certificate.
- * If a client, it does. */
-OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
-
 OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
 OPENSSL_EXPORT int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
 OPENSSL_EXPORT int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(