How to extract enclave idendity from the RA-TLS certificate

[szymek156]

Following the https://github.com/intel/linux-sgx/blob/7385e10ce1106215d15f874a024ca224c7417eea/SampleCode/SampleAttestedTLS/AttestedTLSREADME.md

Custom extended certificate validation:
1.    Validate certificate
2.    Validate the evidence
3.    Validate peer enclave's identity
        Validate the enclave’s identity (e.g., MRENCLAVE in SGX) against the expected list. This check ensures only the intended party is allowed to connect to.

tee_verify_ceritificate_with_evidence() for inside enclave calls, was added to perform step 1-2 and leaving step 3 to application for business logic.

How to perform step 3? Is there any SDK that will make my live easier and extract quote report from the TLS certificate? Or am I forced to do it on my own, finding the extension in the TLS, decoding CBOR etc?
I was expecting to find a function similar to: get_report(ra_tls_certificate) -> sgx_report