Function

SSLCopyPeerCertificates

Retrieves a peer certificate and its certificate chain.

Declaration

OSStatus SSLCopyPeerCertificates(SSLContextRef context, CFArrayRef  _Nullable *certs);

Parameters

context

An SSL session context reference.

certs

On return, a pointer to an array of values of type SecCertificateRef representing the peer certificate and the certificate chain used to validate it. The certificate at index 0 of the returned array is the peer certificate (the subject of the function call—the end certificate in the chain); the root certificate (or the closest certificate to it) is at the end of the returned array. The entire array is created by the Secure Transport library; you must call the CFRelease function for this array when you are finished with it.

Return Value

A result code. See Secure Transport Result Codes.

Discussion

This function is valid any time after a handshake attempt. You can use it to examine a peer certificate, to examine a certificate chain to determine why a handshake attempt failed, or to retrieve the certificate chain in order to validate the certificate yourself. (To disable validation so that you can validate the certificate yourself, use the SSLSetSessionOption function to set the session’s kSSLSessionOptionBreakOnServerAuth flag.)

See Also

Legacy Operations

SSLNewContext

Creates a new Secure Sockets Layer (SSL) session context.

Deprecated
SSLDisposeContext

Disposes of a Secure Sockets Layer (SSL) session context.

Deprecated
SSLSetProtocolVersionEnabled

Sets the allowed Secure Sockets Layer (SSL) protocol versions.

Deprecated
SSLGetProtocolVersionEnabled

Retrieves the enabled status of a given protocol.

Deprecated
SSLSetRsaBlinding

Enables or disables RSA blinding.

Deprecated
SSLGetRsaBlinding

Obtains a value indicating whether RSA blinding is enabled.

Deprecated
SSLSetProtocolVersion

Sets the SSL protocol version.

Deprecated
SSLGetProtocolVersion

Gets the SSL protocol version.

Deprecated
SSLSetAllowsAnyRoot

Specifies whether root certificates from unrecognized certification authorities are allowed.

Deprecated
SSLGetAllowsAnyRoot

Obtains a value specifying whether an unknown root is allowed.

Deprecated
SSLSetAllowsExpiredRoots

Specifies whether expired root certificates are allowed.

Deprecated
SSLGetAllowsExpiredRoots

Retrieves the value indicating whether expired roots are allowed.

Deprecated
SSLSetTrustedRoots

Augments or replaces the default set of trusted root certificates for this session.

Deprecated
SSLCopyTrustedRoots

Retrieves the current list of trusted root certificates.

Deprecated
SSLSetAllowsExpiredCerts

Specifies whether certificate expiration times are ignored.

Deprecated
SSLGetAllowsExpiredCerts

Retrieves the value specifying whether expired certificates are allowed.

Deprecated
SSLSetEnableCertVerify

Enables or disables peer certificate chain validation.

Deprecated
SSLGetEnableCertVerify

Determines whether peer certificate chain validation is currently enabled.

Deprecated
SSLSetEncryptionCertificate

Specifies the encryption certificates used for this connection.

Deprecated