
Add filter to be able to get peer's certificate on TLS server

Open daniel-abramov opened this issue 5 years ago • 8 comments

It would be nice to have a filter (or add this feature by any other means), so that we can check the peer's certificate (i.e. something like this) when running the server in TLS mode. That would be very beneficial for HTTPS servers to analyze the peer certificate and use it for some sort of authentication and/or identity check.

daniel-abramov avatar May 16 '19 14:05 daniel-abramov

I agree, this would be a nice addition. I'd suggest we add some Certificate newtype, and then something like warp::tls::cert() can be a filter of Option<Certificate>.

seanmonstar avatar May 16 '19 17:05 seanmonstar

Any progress on this? Things like https://www.rfc-editor.org/rfc/rfc8705.html require it :-/

Geobert avatar Apr 22 '21 12:04 Geobert

still needs https://github.com/hyperium/hyper/issues/2321 no?

jxs avatar Apr 22 '21 19:04 jxs

still needs hyperium/hyper#2321 no?

Oh, indeed, thanks for your answer!

Geobert avatar Apr 22 '21 19:04 Geobert

Not sure if this helps or if this is the right place to put this, but I got something working where the client cert is injected into the request extensions field so that it can be pulled out using the warp::ext::get filter. The code snippet is at:

https://gist.github.com/darwindarak/9b18e49d0d5b384dd332d2c8d9e785fe

Can some option like this be built into TlsServer? Or more generically, maybe an option to provide a sort of prefilter into the server that can modify requests before they are handled by the warp filters?

darwindarak avatar Sep 10 '21 21:09 darwindarak

Hello, I saw that https://github.com/hyperium/hyper/issues/2321 was closed and mostly implemented. Any chance to see that mTLS, or I guess it won't be possible before hyper 1.0 is released? Best,

git-noise avatar Nov 14 '22 14:11 git-noise

Has there been any progress on this? What is currently blocking us here?

gubsey avatar Dec 13 '23 15:12 gubsey

I recently added the possibility to get the peer certificate in warp-openssl: https://github.com/Azure/warp-openssl/pull/12

elwerene avatar Apr 08 '24 08:04 elwerene