From e73ab551b400ab7ddeccfcbbf8f48b97c4403f2b Mon Sep 17 00:00:00 2001
From: Thomas Grainger
Date: Thu, 25 Feb 2021 15:27:36 +0000
Subject: [PATCH] support OPT_X_TLS_PEERCERT
---
 Doc/reference/ldap.rst | 2 +-
 Modules/options.c | 17 ++++++++++++++++-
 Tests/t_ldapobject.py | 1 +
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/Doc/reference/ldap.rst b/Doc/reference/ldap.rst
index 16220f3b..4b68576f 100644
--- a/Doc/reference/ldap.rst
+++ b/Doc/reference/ldap.rst
@@ -383,7 +383,7 @@ TLS options
 .. py:data:: OPT_X_TLS_PEERCERT
- Get peer's certificate as binary ASN.1 data structure (not supported)
+ Get peer's certificate as binary ASN.1 data structure
 .. py:data:: OPT_X_TLS_PROTOCOL_MIN
diff --git a/Modules/options.c b/Modules/options.c
index 549a6726..364b6b51 100644
--- a/Modules/options.c
+++ b/Modules/options.c
@@ -5,6 +5,7 @@
 #include "LDAPObject.h"
 #include "ldapcontrol.h"
 #include "options.h"
+#include "berval.h"
 void set_timeval_from_double(struct timeval *tv, double d)
@@ -235,6 +236,7 @@ LDAP_get_option(LDAPObject *self, int option)
 {
 int res;
 int intval;
+ struct berval *bv;
 struct timeval *tv;
 LDAPAPIInfo apiinfo;
 LDAPControl **lcs;
@@ -399,7 +401,20 @@ LDAP_get_option(LDAPObject *self, int option)
 v = LDAPControls_to_List(lcs);
 ldap_controls_free(lcs);
 return v;
-
+#ifdef LDAP_OPT_X_TLS_PEERCERT
+ case LDAP_OPT_X_TLS_PEERCERT:
+#endif
+ /* Berval-valued options */
+ res = LDAP_int_get_option(self, option, &bv);
+ if (res != LDAP_OPT_SUCCESS)
+ return option_error(res, "ldap_get_option");
+ if (bv == NULL) {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+ v = LDAPberval_to_object(bv);
+ ldap_memfree(bv);
+ return v;
 default:
 PyErr_Format(PyExc_ValueError, "unknown option %d", option);
 return NULL;
diff --git a/Tests/t_ldapobject.py b/Tests/t_ldapobject.py
index e54bbfd4..76a14cac 100644
--- a/Tests/t_ldapobject.py
+++ b/Tests/t_ldapobject.py
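Review bot: In the two `LDAP_get_option` hunks of Modules/options.c (`@@ -235,6 +236,7` and `@@ -399,7 +401,20`), `bv` is declared as `struct berval *bv;` and passed as `&bv`, but as I read ldap_get_option(3) the outvalue for LDAP_OPT_X_TLS_PEERCERT is a `struct berval *` that libldap fills in place. Assuming `LDAP_int_get_option` forwards the pointer unchanged (its body is not visible here), the library would write a whole `struct berval` over a pointer-sized stack slot, and `LDAPberval_to_object(bv)` and `ldap_memfree(bv)` would then treat the stored length as an address. Declaring `struct berval bv;` and freeing only `bv.bv_val` avoids both problems. Separately, `#endif` closes right after the case label, so on builds without the macro the berval block is compiled as unreachable statements after `return v;`; moving `#endif` below the block keeps it out. The body of `LDAP_get_option` starts and ends outside both hunks.

```c
    struct berval bv;   /* declaration, replacing `struct berval *bv;` */

    /* … unchanged: other option cases … */

#ifdef LDAP_OPT_X_TLS_PEERCERT
    case LDAP_OPT_X_TLS_PEERCERT:
        /* libldap fills a caller-owned struct berval for this option */
        bv.bv_len = 0;
        bv.bv_val = NULL;
        res = LDAP_int_get_option(self, option, &bv);
        /* … unchanged: res != LDAP_OPT_SUCCESS error return … */
        if (bv.bv_val == NULL) {
            /* … unchanged: return None … */
        }
        v = LDAPberval_to_object(&bv);
        ldap_memfree(bv.bv_val);
        return v;
#endif
```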
@@ -395,6 +395,7 @@ def test_multiple_starttls(self):
 l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
 l.start_tls_s()
 l.simple_bind_s(self.server.root_dn, self.server.root_pw)
+ self.assertEqual(l.get_option(ldap.OPT_X_TLS_PEERCERT), b"eg")
 self.assertEqual(l.whoami_s(), 'dn:' + self.server.root_dn)
 def test_dse(self):
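Review bot: The added assertion in `test_multiple_starttls` compares the peer certificate with the literal `b"eg"`, which cannot equal a DER-encoded certificate, so it reads as a leftover placeholder and would fail against a real TLS session. Compare against the test server's own certificate instead, for example `self.assertEqual(l.get_option(ldap.OPT_X_TLS_PEERCERT), ssl.PEM_cert_to_DER_cert(SERVER_CERT_PEM))`, where `SERVER_CERT_PEM` is a placeholder for the PEM text of the fixture's server certificate (the fixture attribute is not visible in this hunk). If the no-session case is meant to return `None`, a second assertion before `l.start_tls_s()` would cover that branch as well. The method starts above the hunk.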