I was wondering: Is there any plan to (properly) support accessing things like the peer principal of a

SSLSession

after we got the ability to configure mutual tls with ktor 2.0? I've found a workaround, but I'm not sure if the involved APIs are stable enough to rely on them so it doesn't break during a random update...

intercept(ApplicationCallPipeline.Call) {
    val nettyCall = (call.attributes[baseApplicationResponse.EngineRersponseAttributeKey].call) as NettyApplicationCall
    val sslHandler = nettyCall.context.pipeline().get(SslHandler::class.java)
    try {
        val peerPrincipal = sslHandler.engine().session.peerPrincipal as X500Principal
        call.attributes.put(PeerPrincipalKey, peerPrincipal)
        proceed()
    catch (e: SSLPeerUnverifiedException) {
        return@intercept call.respondText("No client certificate provided", status = HttpStatusCode.BadRequest)
    }
}

I've tried it the other way round too (adding a custom handler to netty), but I couldn't find a way to inject the principal into the ktor call.

Could you please file an issue?

done, see https://youtrack.jetbrains.com/issue/KTOR-4711/Support-accessing-principal-of-client-certificate