+
+ cert_list_size = 0;
+ cert_list = gnutls_certificate_get_peers(this->sess, &cert_list_size);
+ if (cert_list == NULL)
+ {
+ certinfo->error = "No certificate was found";
+ goto info_done_dealloc;
+ }
+
+ /* This is not a real world example, since we only check the first
+ * certificate in the given chain.
+ */
+
+ ret = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ certinfo->error = gnutls_strerror(ret);
+ goto info_done_dealloc;
+ }
+
+ gnutls_x509_crt_get_dn(cert, str, &name_size);
+ certinfo->dn = str;
+
+ gnutls_x509_crt_get_issuer_dn(cert, str, &name_size);
+ certinfo->issuer = str;
+
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert, profile->GetHash(), digest, &digest_size)) < 0)
+ {
+ certinfo->error = gnutls_strerror(ret);
+ }
+ else
+ {
+ certinfo->fingerprint = BinToHex(digest, digest_size);
+ }
+
+ /* Beware here we do not check for errors.
+ */
+ if ((gnutls_x509_crt_get_expiration_time(cert) < ServerInstance->Time()) || (gnutls_x509_crt_get_activation_time(cert) > ServerInstance->Time()))
+ {
+ certinfo->error = "Not activated, or expired certificate";
+ }
+
+info_done_dealloc:
+ gnutls_x509_crt_deinit(cert);