# ktor
m
I'd like to build a ktor server that uses the embedded Netty engine, exposes an SSL endpoint, and validates client certificates against a custom CA. Serving over SSL is easy and fun thanks to the magic of ktor, but I'm struggling with validating client certificates. I can see in https://github.com/ktorio/ktor/blob/master/ktor-server/ktor-server-netty/src/io/ktor/server/netty/NettyChannelInitializer.kt#L47 that the `NettyChannelInitializer` uses the familiar `SslContextBuilder` from Netty. I think that calling `clientAuth` and `trustManager` on the `SslContextBuilder` instance would do what I want. My problem is that I can't see how to pass settings into my engine config to make `NettyChannelInitializer` do what I want. Any ideas? Or is this not possible in the current version of ktor, and I should use nginx as a reverse proxy?
o
I don’t think there is out-of-the-box access to `SslContextBuilder` right now. Please submit an issue to GitHub, and we’ll discuss what we can do for you.
m
Thanks for the prompt response. I filed the ticket at https://github.com/ktorio/ktor/issues/595.