Open MHaselmaier opened 2 years ago
@MHaselmaier ,
Please find my comment here - https://github.com/oatpp/oatpp-openssl/pull/11#issuecomment-999151343
Even though #11 is merged - you should consider not using the proposed fix.
Should we somehow provide a way which information is relevant, which then gets added to the requests bundle? This way only oatpp-openssl has to know about the client certificate but we could access the information in a key-value-pair from everywhere where we have access to the request.
Unfortunately, the connection provider knows nothing about requests.
When the connection provider issues connection there is no Request object yet created.
We could probably put something to connection properties, however those, at the moment, are capable of storing strings only.
@MHaselmaier , can you please provide some more details about the use case? Why do you want to access the client-cert info exactly at the endpoint? You should be able to set up client-cert verification via ContextConfigurer
Yes I used the ContextConfigurer to enable Client Certificate authentication. However I would like to access the information of the certificate to use it for e.g. authorization. Meaning giving different certificate holders different access to data / endpoints.
It is possible to use stream::Context::Properties in connection provider to store needed information, see here - https://github.com/oatpp/oatpp/blob/master/src/oatpp/network/tcp/server/ConnectionProvider.cpp#L358
We have to modify the connection provider so that it will include Client Cert Info in the stream context.
@MHaselmaier
Ok, I'll have a look at it.
As far as I'm aware there is currently no way to access the information of the client certificate using oatpp-openssl. However, it could be easily available if oatpp::openssl::Connection would provide a getter for the OpenSSL context. Would you be open to add such a getter? Users could then e.g. implement a oatpp::web::server::interceptor::RequestInterceptor and dynamic_cast the request->getConnection() to oatpp::openssl::Connection and access the OpenSSL context to retrieve any available information.
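The approach suggested in the thread (carry client-certificate details in string-only connection properties, then authorize per certificate holder at the endpoint) can be modelled as below. This is an added example, not code from oatpp, oatpp-openssl or any participant in this thread. The `Properties` alias, the two property keys, `publishClientCert`, `isAuthorized` and the policy contents are all assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <string>

// Stand-in for string-only connection properties (assumption: a plain
// string-to-string map; this is not the oatpp type).
using Properties = std::map<std::string, std::string>;

// Hypothetical property keys; oatpp defines no such names.
static const char* const KEY_VERIFIED   = "tls.client.verified";
static const char* const KEY_SUBJECT_CN = "tls.client.subject_cn";

// Provider side: flatten what the TLS layer learned into strings.
// In a real provider, `verified` would reflect
// SSL_get_verify_result() == X509_V_OK and `cn` would be read from the
// peer certificate's subject; here both are passed in.
void publishClientCert(Properties& props, bool hasCert, bool verified,
                       const std::string& cn) {
  const bool trusted = hasCert && verified;
  props[KEY_VERIFIED] = trusted ? "true" : "false";
  if (trusted) {
    props[KEY_SUBJECT_CN] = cn;
  } else {
    // Never leave an identity behind for an unverified peer.
    props.erase(KEY_SUBJECT_CN);
  }
}

// Policy: certificate subject CN -> endpoint paths that holder may call.
using Policy = std::map<std::string, std::set<std::string>>;

// Endpoint side: fail closed. A missing flag, a failed verification,
// an empty CN or an unknown holder all result in denial.
bool isAuthorized(const Properties& props, const Policy& policy,
                  const std::string& path) {
  const auto verified = props.find(KEY_VERIFIED);
  if (verified == props.end() || verified->second != "true") return false;

  const auto cn = props.find(KEY_SUBJECT_CN);
  if (cn == props.end() || cn->second.empty()) return false;

  const auto holder = policy.find(cn->second);
  return holder != policy.end() && holder->second.count(path) > 0;
}
```

Only values the TLS layer has verified should be written into the properties, since the endpoint has no other way to tell a checked identity from a claimed one.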