+ cert_list_size = 0;
+ cert_list = gnutls_certificate_get_peers(this->sess, &cert_list_size);
+ if (cert_list == NULL)
+ {
+ certinfo->error = "No certificate was found";
+ goto info_done_dealloc;
+ }
+
+ /* This is not a real world example, since we only check the first
+ * certificate in the given chain.
+ */
+
+ ret = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ certinfo->error = gnutls_strerror(ret);
+ goto info_done_dealloc;
+ }
+
+ if (gnutls_x509_crt_get_dn(cert, str, &name_size) == 0)
+ {
+ std::string& dn = certinfo->dn;
+ dn = str;
+ // Make sure there are no chars in the string that we consider invalid
+ if (dn.find_first_of("\r\n") != std::string::npos)
+ dn.clear();
+ }
+
+ name_size = sizeof(str);
+ if (gnutls_x509_crt_get_issuer_dn(cert, str, &name_size) == 0)
+ {
+ std::string& issuer = certinfo->issuer;
+ issuer = str;
+ if (issuer.find_first_of("\r\n") != std::string::npos)
+ issuer.clear();
+ }
+
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert, profile->GetHash(), digest, &digest_size)) < 0)
+ {
+ certinfo->error = gnutls_strerror(ret);
+ }
+ else
+ {
+ certinfo->fingerprint = BinToHex(digest, digest_size);
+ }
+
+ /* Beware here we do not check for errors.
+ */
+ if ((gnutls_x509_crt_get_expiration_time(cert) < ServerInstance->Time()) || (gnutls_x509_crt_get_activation_time(cert) > ServerInstance->Time()))
+ {
+ certinfo->error = "Not activated, or expired certificate";
+ }
+
+info_done_dealloc:
+ gnutls_x509_crt_deinit(cert);