s12f closed 2 years ago
There's a test in the core lib that demonstrates use of the auth context stuff for custom metadata transfer; it might be helpful for preliminary experimentation (specifically, the construction of `serverConf'` and use of `serverProcessor`).
That might not be sufficient for what you want, though, and IIRC much of the cert stuff is only lightly tested and minimally bound to the underlying C core, so it's possible that some additional extensions or bindings might be needed.
@intractable Thanks for your response, though the `AuthContext` is not actually what I want (the client's signed certificate). I found `ServerContext` will be passed to handlers in other libraries (C++, Go, Python etc.), e.g. https://github.com/awakesecurity/gRPC-haskell/blob/e1091b9c0dc9dee8354cf63c9aebe51fa041cfd9/examples/hellos/hellos-cpp/hellos_server.cc#L29 which probably includes the client's cert. Do you have a plan to implement that?
@s12f I think the client cert may show up in the auth context when the `SslClientCertificateRequestType` is set correctly (i.e., a mode other than `SslDontRequestClientCertificate` as is used in the current low level tests), but it certainly (at least) needs testing and possibly better exposure. Or I might be overlooking something and this piece is missing in the current implementation.
I probably won't be able to tackle this myself in the very near future, but you might open an issue and we can try to look into it (or tackle it yourself, of course).
@intractable Wow, I tested it and it works now. Thank you.
@s12f Huzzah! =)
I use mTLS to authenticate the client and it works well, but after authenticating, I want to obtain the Common Name (CN) from the client's cert. There is no way to get the cert information from the parameters of Handler. I found that `AuthContext` is exported in the HighLevel module, but how do I obtain it on the server side?