From 9a07b3af9ba9d314ade52491eb9af3578f963b37 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 7 Dec 2021 14:07:47 -0700
Subject: [PATCH 1/2] print out PEM of peer cert with example client

---
 examples/client/client.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/examples/client/client.c b/examples/client/client.c
index 364a215ff..450bc5568 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1531,6 +1531,37 @@ static const char* client_usage_msg[][70] = {
 
 };
 
+static void showPeerPEM(WOLFSSL* ssl)
+{
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_BIO)
+    WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
+    if (peer) {
+        WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
+        if (bioOut == NULL) {
+            printf("failed to get bio on stdout\n");
+        }
+        else {
+            if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE)
+                != WOLFSSL_SUCCESS) {
+                printf("failed to set stdout to bio output\n");
+                wolfSSL_BIO_free(bioOut);
+                bioOut = NULL;
+            }
+        }
+
+        if (bioOut) {
+            wolfSSL_BIO_write(bioOut, "---\nServer certificate\n",
+                    XSTRLEN("---\nServer certificate\n"));
+            wolfSSL_PEM_write_bio_X509(bioOut, peer);
+        }
+        wolfSSL_BIO_free(bioOut);
+    }
+    wolfSSL_FreeX509(peer);
+#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) && !NO_BIO */
+    (void)ssl;
+}
+
+
 static void Usage(void)
 {
     int msgid = 0;
@@ -3535,6 +3566,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 
     showPeerEx(ssl, lng_index);
+    showPeerPEM(ssl);
 
     /* if the caller requested a particular cipher, check here that either
      * a canonical name of the established cipher matches the requested
@@ -4032,6 +4064,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         }
 
         showPeerEx(sslResume, lng_index);
+        showPeerPEM(sslResume);
 
         if (wolfSSL_session_reused(sslResume))
             printf("reused session id\n");

From ad078a735822ddc84f73e83341bdd0b2123316b4 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 8 Dec 2021 13:45:37 -0700
Subject: [PATCH 2/2] adjust macro guard in example client

---
 examples/client/client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index 450bc5568..68cf8017d 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1533,7 +1533,7 @@ static const char* client_usage_msg[][70] = {
 
 static void showPeerPEM(WOLFSSL* ssl)
 {
-#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_BIO)
+#if defined(OPENSSL_ALL) && !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
     WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
     if (peer) {
         WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
@@ -1557,7 +1557,7 @@ static void showPeerPEM(WOLFSSL* ssl)
         wolfSSL_BIO_free(bioOut);
     }
     wolfSSL_FreeX509(peer);
-#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) && !NO_BIO */
+#endif /* OPENSSL_ALL && WOLFSSL_CERT_GEN && !NO_BIO */
     (void)ssl;
 }