Re: [PATCH 4/9] tls: Pass the verified peer identity to "ready" callback

Extract a human-readable peer identity string from the supplied certificate and pass it to the ready callback provided by API user to indicate that the peer has actually been authenticated. For some users it will only really matter whether the value is non-NULL meaning that the peer is trusted by the locally configured CA, while for others, such as web browsers it's useful to display a human-readable peer identity to the user so they can see if a website is served by who they think it belongs to. If we got a peer certificate but user supplied no CAs or peer couldn't be authenticated, don't bother to extract the identity string and pass NULL. Until now we'd always pass NULL (there was a TODO comment) because we'd hoped we could at some point leverage the kernel's certificate parser to extract the subject name. The newly added tls_get_peer_identity_str might also fit in cert.c instead of tls.c. --- ell/tls.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 3 deletions(-)