These methods mirror the existing methods that fetch the peer certificate and
chain. Due to various factors (SNI, multiple key types, etc.) it is not always
trivial for an application to determine what certificate was presented to the
client. However there are various use-cases where this is needed, such as
tls-server-end-point channel binding and OCSP stapling.
Requires OpenSSL 1.0.2+ (note: SSL_get_certificate() has existed for a very
long time, but was lacking documentation until OpenSSL 3.0).
* The commit de393417b7 introduces high dependency due raices requirement to openssl 1.1.0l+
* The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.
* This patch makes luasec runs on all kind of embebed systems that cannot be upgraded due vendors limitations
Either intentionaly or due to bug in openssl in some marginal
cases SSL_send reports SYSCALL error whilst errno is set to 0.
This either could mean that SSL_send did not made any system
call or errno were prematurely reset with consequent syscalls.
And in consequence sendraw() is not propagate correct errno
ends up in infinite loop trying to send same data.
Such behaviour was usually observed after third consequential
failed SSL send attempt which application was not aware of.
First send failed with syscall errno 32 (Broken pipe) second
one with SSL error 0x1409e10f (bad length) and lastly next
send attemt results with SYSCALL error and errno 0.
Tested using:
* OpenSSL v1.1.1
* musl v1.1.20 (c50985d5c8e316c5c464f352e79eeebfed1121a9)
* Linux 4.4.60+yocto armv7l
