Ah, I see. Just using SSL isn't enough to set HttpRequest.certificate; it's a client-side certificate, which means the server has to request it (by setting requestClientCertificate: true when calling HttpServer.bindSecure()) and the client has to send it (by passing a security context to HttpClient(), which you're doing). We don't currently expose requestClientCertificate in shelf_io.serve... you could add that if you want, but I don't think anyone really uses client certificates so I'd be fine limiting this pull request to exposing the connection info.
I need to use dart shelf with mutual ssl auth, please could we expose requestClientCertificate ?
Future serve(
Handler handler,
Object address,
int port, {
SecurityContext? securityContext,
int? backlog,
bool requestClientCertificate = false,
bool shared = false,
String? poweredByHeader = 'Dart with package:shelf',
}) async {
backlog ??= 0;
var server = await (securityContext == null
? HttpServer.bind(address, port, backlog: backlog, shared: shared)
: HttpServer.bindSecure(
address,
port,
securityContext,
backlog: backlog,
requestClientCertificate: requestClientCertificate,
shared: shared,
));
serveRequests(server, handler, poweredByHeader: poweredByHeader);
return server;
}
Ah, I see. Just using SSL isn't enough to set
HttpRequest.certificate
; it's a client-side certificate, which means the server has to request it (by settingrequestClientCertificate: true
when callingHttpServer.bindSecure()
) and the client has to send it (by passing a security context toHttpClient()
, which you're doing). We don't currently exposerequestClientCertificate
inshelf_io.serve
... you could add that if you want, but I don't think anyone really uses client certificates so I'd be fine limiting this pull request to exposing the connection info.Originally posted by @nex3 in https://github.com/dart-lang/shelf/issues/92#issuecomment-339204852