From 049f3f3ef01a4ee71cca109523fbf194f16c3a15 Mon Sep 17 00:00:00 2001 From: Edwin Fine Date: Sun, 21 Aug 2016 13:01:18 -0400 Subject: [PATCH 1/2] Add h2_connection:get_peercert/1 --- src/h2_connection.erl | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/h2_connection.erl b/src/h2_connection.erl index e1e5396a..094b0cba 100644 --- a/src/h2_connection.erl +++ b/src/h2_connection.erl @@ -24,6 +24,7 @@ send_promise/4, get_response/2, get_peer/1, + get_peercert/1, get_streams/1, send_window_update/2, send_frame/2 @@ -226,6 +227,11 @@ send_body(Pid, StreamId, Body, Opts) -> get_peer(Pid) -> gen_fsm:sync_send_all_state_event(Pid, get_peer). +-spec get_peercert(pid()) -> + {ok, binary()} | {error, term()}. +get_peercert(Pid) -> + gen_fsm:sync_send_all_state_event(Pid, get_peercert). + -spec is_push(pid()) -> boolean(). is_push(Pid) -> gen_fsm:sync_send_all_state_event(Pid, is_push). @@ -1084,6 +1090,18 @@ handle_sync_event(get_peer, _F, StateName, {ok, _AddrPort}=OK -> {reply, OK, StateName, Conn} end; +handle_sync_event(get_peercert, _F, StateName, + #connection{ + socket={Transport,_}=Socket + }=Conn) -> + case sock:peercert(Socket) of + {error, _}=Error -> + lager:warning("failed to fetch peer cert for ~p socket", + [Transport]), + {reply, Error, StateName, Conn}; + {ok, _Cert}=OK -> + {reply, OK, StateName, Conn} + end; handle_sync_event(_E, _F, StateName, #connection{}=Conn) -> {next_state, StateName, Conn}. From 63c9460e2696d1f4ae5a73f6089f9620ace12bda Mon Sep 17 00:00:00 2001 From: Edwin Fine Date: Tue, 23 Aug 2016 16:17:23 -0400 Subject: [PATCH 2/2] Add sock:peercert/1 --- src/sock.erl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/sock.erl b/src/sock.erl index 44ddddee..27d9a65a 100644 --- a/src/sock.erl +++ b/src/sock.erl @@ -14,6 +14,7 @@ recv/3, close/1, peername/1, + peercert/1, setopts/2 ]). 
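Review bot: get_peercert/1, added in the second hunk of src/h2_connection.erl, is exported with a spec but no comment on how far `{ok, binary()}` can be trusted. The handler clause added further down passes through whatever sock:peercert/1 returns, so the binary is presumably the DER certificate from ssl:peercert/1. Whether it was chain-validated depends on the verify options the TLS socket was opened with, which these patches do not show. A caller making an authentication or authorization decision from it needs to know that, so I would add above the spec: `%% Returns the peer's DER-encoded certificate as reported by the TLS layer. {ok, Cert} only proves identity if the connection was negotiated with verify_peer; decode with public_key:pkix_decode_cert/2.`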
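Review bot: The `{error, _}` branch of the new handle_sync_event(get_peercert, ...) clause logs at warning level without the reason, and it does so for outcomes that are normal. Per the second patch a plain gen_tcp connection always yields `{error, unsupported}`, and ssl reports a TLS peer that presented no certificate as `{error, no_peercert}`. Each call on such a connection therefore adds a warning that cannot be told apart from a real failure. Binding the reason and lowering the level keeps the log usable: `{error, Reason}=Error ->` followed by `lager:debug("no peer cert for ~p socket: ~p", [Transport, Reason]),`.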
@@ -61,6 +62,11 @@ peername({ssl, Socket}) -> peername({gen_tcp, Socket}) -> inet:peername(Socket). +peercert({ssl, Socket}) -> + ssl:peercert(Socket); +peercert({gen_tcp, _Socket}) -> + {error, unsupported}. + setopts({ssl, Socket}, Opts) -> ssl:setopts(Socket, Opts); setopts({gen_tcp, Socket}, Opts) ->
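Review bot: peercert/1 is added to src/sock.erl without a `-spec`, while the h2_connection wrapper from the first patch promises `{ok, binary()} | {error, term()}` on the strength of it. Stating the contract here lets Dialyzer check that promise. It also records that `unsupported` is this module's own reason for plaintext sockets, distinct from the reasons ssl returns: `-spec peercert({ssl, ssl:sslsocket()} | {gen_tcp, inet:socket()}) -> {ok, binary()} | {error, term()}.` If the module already defines a socket type outside this hunk, use that instead of the inline tuple types.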