+int
+rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN])
+{
+ X509 *cert;
+ int res;
+
+ if (F->ssl == NULL)
+ return 0;
+
+ cert = SSL_get_peer_certificate((SSL *) F->ssl);
+ if(cert != NULL)
+ {
+ res = SSL_get_verify_result((SSL *) F->ssl);
+ if(res == X509_V_OK ||
+ res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+ res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
+ res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ {
+ memcpy(certfp, cert->sha1_hash, RB_SSL_CERTFP_LEN);
+ return 1;
+ }
+ }
+
+ return 0;
+}
+