| 2568 | |
| 2569 | #[pymethod] |
| 2570 | fn get_unverified_chain(&self, vm: &VirtualMachine) -> PyResult<Option<PyListRef>> { |
| 2571 | let stream = self.connection.read(); |
| 2572 | let ssl = stream.ssl(); |
| 2573 | let Some(chain) = ssl.peer_cert_chain() else { |
| 2574 | return Ok(None); |
| 2575 | }; |
| 2576 | |
| 2577 | // Return Certificate objects |
| 2578 | let mut certs: Vec<PyObjectRef> = chain |
| 2579 | .iter() |
| 2580 | .map(|cert| unsafe { |
| 2581 | sys::X509_up_ref(cert.as_ptr()); |
| 2582 | let owned = X509::from_ptr(cert.as_ptr()); |
| 2583 | cert_to_certificate(vm, owned) |
| 2584 | }) |
| 2585 | .collect::<PyResult<_>>()?; |
| 2586 | |
| 2587 | // SSL_get_peer_cert_chain does not include peer cert for server-side sockets |
| 2588 | // Add it manually at the beginning |
| 2589 | if matches!(self.socket_type, SslServerOrClient::Server) |
| 2590 | && let Some(peer_cert) = ssl.peer_certificate() |
| 2591 | { |
| 2592 | let peer_obj = cert_to_certificate(vm, peer_cert)?; |
| 2593 | certs.insert(0, peer_obj); |
| 2594 | } |
| 2595 | |
| 2596 | Ok(Some(vm.ctx.new_list(certs))) |
| 2597 | } |
| 2598 | |
| 2599 | #[pymethod] |
| 2600 | fn get_verified_chain(&self, vm: &VirtualMachine) -> PyResult<Option<PyListRef>> { |