Andreas Scheja

07/29/2022, 4:06 PM
I was wondering: Is there any plan to (properly) support accessing things like the peer principal of an `SSLSession` after we got the ability to configure mutual TLS with Ktor 2.0? I've found a workaround, but I'm not sure if the involved APIs are stable enough to rely on them so it doesn't break during a random update...
```kotlin
intercept(ApplicationCallPipeline.Call) {
    // Reach through the engine response attribute to the underlying Netty call (engine-internal API)
    val nettyCall = (call.attributes[BaseApplicationResponse.EngineResponseAttributeKey].call) as NettyApplicationCall
    val sslHandler = nettyCall.context.pipeline().get(SslHandler::class.java)
    try {
        // peerPrincipal throws SSLPeerUnverifiedException if the peer's identity was not verified
        val peerPrincipal = sslHandler.engine().session.peerPrincipal as X500Principal
        call.attributes.put(PeerPrincipalKey, peerPrincipal)
        proceed()
    } catch (e: SSLPeerUnverifiedException) {
        return@intercept call.respondText("No client certificate provided", status = HttpStatusCode.BadRequest)
    }
}
```
I've tried it the other way round too (adding a custom handler to netty), but I couldn't find a way to inject the principal into the ktor call.
Aleksei Tirman [JB]

08/01/2022, 12:10 PM
Could you please file an issue?