Allow retrieval of client certificate #175

Open
bpfoster opened this Issue · 7 comments

Ben Foster

When using client auth with 2-way SSL, present the client certificate for custom authorization code to use. The result should be something similar to the call of `SSLEngine.getSession().getPeerCertificateChain()`.

Originally posted in the users group at https://groups.google.com/forum/?fromgroups#!topic/finaglers/j4xrFRF1MDI

marius a. eriksen
Collaborator

A proposed API: make SSL transports a special type, with retrievable certificates. Listeners can then match on this:

```scala
transport match {
  case SSLTransport(cert) => …
  case _ => …
}
```
Daniel Cox

How would this allow an RPC method implementation access to the client cert, say in a custom Filter?

Daniel Cox

I ask because I have the same requirement as @bpfoster, and I was interested in contributing this improvement. I'm having some trouble figuring out the flow, though.

Maarten Koopmans

:+1: from me on this. It would also allow for easy SSL debugging on the "higher" layer, i.e. catching handshake exceptions, wrapping them in JSON, and sending them back.

Josh Graham

Ping?

Steve Gury
Collaborator

@delitescere sorry for the absence of updates; this has been unprioritized on our side, but we would gladly accept a pull request (and/or give guidance about that).

Ben Foster

@stevegury I'd like to start revisiting this. I can see how to retrieve the certificate from within a ChannelHandler, but am not finding a clean way to get it to the service/filter layer. Do you think anyone could provide some guidance on that?
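
What the pattern-match idea proposed in this thread could look like at the JSSE level, as an added example that is not part of the thread and not Finagle code. `PeerCertificate`, `authorize`, `Demo` and the allow-listed subject are hypothetical names, and the lookup uses `getPeerCertificates` rather than the deprecated `getPeerCertificateChain`.

```scala
import java.security.cert.X509Certificate
import javax.net.ssl.{SSLContext, SSLEngine, SSLPeerUnverifiedException, SSLSession}
import javax.security.auth.x500.X500Principal

// Hypothetical extractor in the spirit of the SSLTransport(cert) sketch.
// It only wraps the JSSE session lookup; it is not a Finagle type.
object PeerCertificate {
  // Yields the leaf (client) certificate, or no match when the peer is
  // unauthenticated: handshake not finished, or client auth was optional
  // and the client sent no certificate.
  def unapply(session: SSLSession): Option[X509Certificate] =
    try {
      session.getPeerCertificates.headOption.collect {
        case c: X509Certificate => c
      }
    } catch {
      case _: SSLPeerUnverifiedException => None
    }
}

object ClientCertAuth {
  // Authorization on top of TLS: the handshake has already validated the
  // chain against the trust store, this decides whether that particular
  // subject may call the service. X500Principal equality compares the
  // canonical DN, so spacing and case differences do not matter.
  def authorize(engine: SSLEngine,
                allowed: Set[X500Principal]): Either[String, X500Principal] =
    engine.getSession match {
      case PeerCertificate(cert) =>
        val subject = cert.getSubjectX500Principal
        if (allowed.contains(subject)) Right(subject)
        else Left("subject not allowed: " + subject.getName)
      case _ =>
        Left("no client certificate presented")
    }
}

object Demo extends App {
  // Constructed allow-list entry, for illustration only.
  val allowed = Set(new X500Principal("CN=billing-client,O=Example"))

  // An engine that has not completed a handshake has no peer identity,
  // so this exercises the fail-closed branch.
  val engine = SSLContext.getDefault.createSSLEngine()
  engine.setUseClientMode(false)
  println(ClientCertAuth.authorize(engine, allowed))
}
```

The open question in the thread, how to carry the certificate from the channel handler to the service/filter layer, is not addressed by this example.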
