awakesecurity / gRPC-haskell

Haskell gRPC support
https://hackage.haskell.org/package/grpc-haskell
Apache License 2.0

How to obtain AuthContext in server side? #133

Closed s12f closed 2 years ago

s12f commented 2 years ago

I use mTLS to authenticate the client, and it works well, but after authenticating I want to obtain the Common Name (CN) from the client's cert. There is no way to get the cert information from the parameters of Handler. I found that AuthContext is exported in the HighLevel module, but how do I obtain it on the server side?

intractable commented 2 years ago

There's a test in the core lib that demonstrates use of the auth context stuff for custom metadata transfer; it might be helpful for preliminary experimentation (specifically, the construction of serverConf' and use of serverProcessor).

That might not be sufficient for what you want, though, and IIRC much of the cert stuff is only lightly tested and minimally bound to the underlying C core, so it's possible that some additional extensions or bindings might be needed.

s12f commented 2 years ago

@intractable Thanks for your response, though the AuthContext is not actually what I want (the client's signed certificate). I found that a ServerContext is passed to handlers in other libraries (C++, Go, Python, etc.), e.g. https://github.com/awakesecurity/gRPC-haskell/blob/e1091b9c0dc9dee8354cf63c9aebe51fa041cfd9/examples/hellos/hellos-cpp/hellos_server.cc#L29, which probably includes the client's cert. Do you have a plan to implement that?

intractable commented 2 years ago

@s12f I think the client cert may show up in the auth context when the SslClientCertificateRequestType is set correctly (i.e., a mode other than SslDontRequestClientCertificate as is used in the current low level tests), but it certainly (at least) needs testing and possibly better exposure. Or I might be overlooking something and this piece is missing in the current implementation.

I probably won't be able to tackle this myself in the very near future, but you might open an issue and we can try to look into it (or tackle it yourself, of course).
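An added sketch (not code from the thread or from the library) of what the comment above describes: the server requests and verifies the client certificate, and a custom metadata processor reads the peer CN out of the AuthContext before the handler runs. The type and field names (ServerSSLConfig, clientCertRequest, customMetadataProcessor, getAuthProperties, AuthProperty, AuthProcessorResult) are assumed from the low-level module and should be checked against the installed version; the property key x509_common_name is the one the gRPC C core uses, and the certificate paths are constructed.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration; the imported names are assumed, not copied from the library.
module ClientCn where

import qualified Data.ByteString.Char8 as BS
import Network.GRPC.LowLevel
  ( AuthContext, AuthProperty(..), AuthProcessorResult(..), MetadataMap
  , ServerSSLConfig(..), StatusCode(..), StatusDetails(..)
  , SslClientCertificateRequestType(..), getAuthProperties )

-- Key under which the gRPC C core exposes the verified peer certificate's CN.
x509CommonName :: BS.ByteString
x509CommonName = "x509_common_name"

-- Read the client CN from the auth context; Nothing when no verified cert is present.
peerCommonName :: AuthContext -> IO (Maybe BS.ByteString)
peerCommonName ctx = do
  props <- getAuthProperties ctx
  return $ case [v | AuthProperty k v <- props, k == x509CommonName] of
    (cn : _) -> Just cn
    []       -> Nothing

-- Metadata processor run by the core before the handler: fail the call when the
-- CN is missing, otherwise let it through (the handler can then authorize on it).
requireClientCn :: AuthContext -> MetadataMap -> IO AuthProcessorResult
requireClientCn ctx _incoming = do
  mcn <- peerCommonName ctx
  return $ case mcn of
    Nothing -> AuthProcessorResult mempty mempty StatusUnauthenticated
                 (StatusDetails "client certificate CN required")
    Just _  -> AuthProcessorResult mempty mempty StatusOk (StatusDetails "")

-- Server TLS config. The CN only appears in the auth context once the server
-- both requests and verifies the client cert; SslDontRequestClientCertificate
-- (what the low-level tests use, per the thread) leaves it empty.
sslConfig :: ServerSSLConfig
sslConfig = ServerSSLConfig
  { clientRootCert          = Just "certs/ca.pem"        -- constructed paths
  , serverPrivateKey        = "certs/server-key.pem"
  , serverCert              = "certs/server.pem"
  , clientCertRequest       = SslRequestAndRequireClientCertificateAndVerify
  , customMetadataProcessor = Just requireClientCn
  }
```

Wire sslConfig into the ServerConfig's sslConfig field the same way the core test's serverConf' does; with a mismatched CA or a client that presents no certificate the handshake itself fails before the processor runs.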

s12f commented 2 years ago

@intractable Wow, I tested it, and it works now. Thank you.

intractable commented 2 years ago

@s12f Huzzah! =)