Andreas Scheja
07/29/2022, 4:06 PM
SSLSession
after we got the ability to configure mutual tls with ktor 2.0? I've found a workaround, but I'm not sure if the involved APIs are stable enough to rely on them so it doesn't break during a random update...
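import io.ktor.server.engine.BaseApplicationResponse
import io.ktor.server.netty.NettyApplicationCall
import io.netty.handler.ssl.SslHandler
import javax.net.ssl.SSLPeerUnverifiedException
import javax.security.auth.x500.X500Principal

intercept(ApplicationCallPipeline.Call) {
    // Reach through the engine response to the underlying Netty call
    val nettyCall = (call.attributes[BaseApplicationResponse.EngineResponseAttributeKey].call) as NettyApplicationCall
    val sslHandler = nettyCall.context.pipeline().get(SslHandler::class.java)
    try {
        // peerPrincipal throws SSLPeerUnverifiedException when the peer presented no certificate
        val peerPrincipal = sslHandler.engine().session.peerPrincipal as X500Principal
        call.attributes.put(PeerPrincipalKey, peerPrincipal)
        proceed()
    } catch (e: SSLPeerUnverifiedException) {
        return@intercept call.respondText("No client certificate provided", status = HttpStatusCode.BadRequest)
    }
}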
I've tried it the other way round too (adding a custom handler to netty), but I couldn't find a way to inject the principal into the ktor call.
Aleksei Tirman [JB]
08/01/2022, 12:10 PM
Andreas Scheja
08/01/2022, 6:34 PM