1 files changed, 13 insertions, 1 deletions

diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index bf525170f1..8fb56c92b7 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.27 2024/03/26 06:31:22 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.28 2024/12/10 08:40:30 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -119,6 +119,14 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
 }
 
 static int
+tls_get_peer_cert_common_name(struct tls *ctx, char **common_name)
+{
+        if (ctx->ssl_peer_cert == NULL)
+                return (-1);
+        return tls_get_common_name(ctx, ctx->ssl_peer_cert, NULL, common_name);
+}
+
+static int
 tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
     time_t *notafter)
 {
@@ -158,6 +166,9 @@ tls_get_peer_cert_info(struct tls *ctx)
                 goto err;
         if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
                 goto err;
+        if (tls_get_peer_cert_common_name(ctx,
+            &ctx->conninfo->common_name) == -1)
+                goto err;
         if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
             &ctx->conninfo->notafter) == -1)
                 goto err;
@@ -298,6 +309,7 @@ tls_conninfo_free(struct tls_conninfo *conninfo)
         free(conninfo->servername);
         free(conninfo->version);
 
+        free(conninfo->common_name);
         free(conninfo->hash);
         free(conninfo->issuer);
         free(conninfo->subject);