Introduce UnbufferedAsioTlsStream#GetPeerCertificate()

lib/base/tlsstream.cpp

@@ -465,6 +465,11 @@ String UnbufferedAsioTlsStream::GetVerifyError() const
 	return m_VerifyError;
 }
 
+std::shared_ptr<X509> UnbufferedAsioTlsStream::GetPeerCertificate()
+{
+	return std::shared_ptr<X509>(SSL_get_peer_certificate(native_handle()), X509_free);
+}
+
 void UnbufferedAsioTlsStream::BeforeHandshake(handshake_type type)
 {
 	namespace ssl = boost::asio::ssl;

lib/base/tlsstream.hpp

@@ -119,6 +119,7 @@ public:
 
 	bool IsVerifyOK() const;
 	String GetVerifyError() const;
+	std::shared_ptr<X509> GetPeerCertificate();
 
 	template<class... Args>
 	inline

lib/remote/apilistener.cpp

@@ -523,7 +523,7 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
 		}
 	});
 
-	std::shared_ptr<X509> cert (SSL_get_peer_certificate(sslConn.native_handle()), X509_free);
+	std::shared_ptr<X509> cert (sslConn.GetPeerCertificate());
 	bool verify_ok = false;
 	String identity;
 	Endpoint::Ptr endpoint;

lib/remote/jsonrpcconnection-pki.cpp

@@ -34,7 +34,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 	/* Use the presented client certificate if not provided. */
 	if (certText.IsEmpty()) {
 		auto stream (origin->FromClient->GetStream());
-		cert = std::shared_ptr<X509>(SSL_get_peer_certificate(stream->next_layer().native_handle()), X509_free);
+		cert = stream->next_layer().GetPeerCertificate();
 	} else {
 		cert = StringToCertificate(certText);
 	}