Add framework for switching certs based on signature_algorithms TLS extension.

[folly.git] / folly / io / async / AsyncSSLSocket.cpp

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index e7a556c0d92b6aa5a546e954031c485bba66de0b..9ca8e8e51518ceb007780deb5047cae77fb11120 100644 (file)
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -807,6 +807,15 @@ int AsyncSSLSocket::getSSLVersion() const {
   return (ssl_ != nullptr) ? SSL_version(ssl_) : 0;
 }
 
+const char *AsyncSSLSocket::getSSLCertSigAlgName() const {
+  X509 *cert = (ssl_ != nullptr) ? SSL_get_certificate(ssl_) : nullptr;
+  if (cert) {
+    int nid = OBJ_obj2nid(cert->sig_alg->algorithm);
+    return OBJ_nid2ln(nid);
+  }
+  return nullptr;
+}
+
 int AsyncSSLSocket::getSSLCertSize() const {
   int certSize = 0;
   X509 *cert = (ssl_ != nullptr) ? SSL_get_certificate(ssl_) : nullptr;