Access to OpenSSL Context #10

Open
MHaselmaier opened this issue Dec 20, 2021 · 7 comments

@MHaselmaier
Member

As far as I'm aware there is currently no way to access the information of the client certificate using oatpp-openssl.
However, it could be easily available if oatpp::openssl::Connection would provide a getter for the OpenSSL context.

Would you be open to add such a getter?
Users could then e.g. implement an oatpp::web::server::interceptor::RequestInterceptor and dynamic_cast the request->getConnection() to oatpp::openssl::Connection and access the OpenSSL context to retrieve any available information.

@lganzzzo
Member

@MHaselmaier ,

Please find my comment here - #11 (comment)

@lganzzzo
Member

lganzzzo commented Dec 21, 2021

Even though #11 is merged - you should consider not using the proposed fix.

@MHaselmaier
Member Author

Should we somehow provide a way which information is relevant, which then gets added to the request's bundle?
This way only oatpp-openssl has to know about the client certificate but we could access the information in a key-value-pair from everywhere where we have access to the request.

@lganzzzo
Member

Unfortunately, the connection provider knows nothing about requests.
When the connection provider issues a connection there is no Request object yet created.

We could probably put something into connection properties, however those, at the moment, are capable of storing strings only.

@MHaselmaier ,
can you please provide some more details about the use case?
Why do you want to access the client-cert info exactly at the endpoint?
You should be able to set up client-cert verification via ContextConfigurer.

@MHaselmaier
Member Author

Yes, I used the ContextConfigurer to enable Client Certificate authentication. However, I would like to access the information of the certificate to use it for e.g. authorization. Meaning giving different certificate holders different access to data / endpoints.

@lganzzzo
Member

lganzzzo commented Jan 3, 2022

It is possible to use stream::Context::Properties in the connection provider to store the needed information, see here - https://github.com/oatpp/oatpp/blob/master/src/oatpp/network/tcp/server/ConnectionProvider.cpp#L358

We have to modify the connection provider so that it will include Client Cert Info in the stream context.

@MHaselmaier

@MHaselmaier
Member Author

Ok, I'll have a look at it.
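
A sketch of the approach discussed in this thread, added as an example; it is not code from either participant or from oatpp-openssl. The connection side flattens client-certificate facts into string-only properties and the request side authorizes from them, failing closed. `std::map` stands in for the stream context properties, and the property keys, function names and policy are hypothetical.

```cpp
#include <map>
#include <string>
#include <vector>

// Stand-in for oatpp's string-only stream context properties (assumption).
using Properties = std::map<std::string, std::string>;

// Hypothetical property keys; oatpp-openssl does not define these.
static const char* const KEY_VERIFIED = "tls.client.verified";
static const char* const KEY_SUBJECT_CN = "tls.client.subject_cn";

// Connection-provider side: flatten what the TLS layer learned into strings.
// `verified` is the handshake's chain-verification outcome, `cn` the subject CN.
Properties makeConnectionProperties(bool verified, const std::string& cn) {
  Properties props;
  props[KEY_VERIFIED] = verified ? "true" : "false";
  if (verified && !cn.empty()) props[KEY_SUBJECT_CN] = cn;  // never publish an unverified name
  return props;
}

// True if `path` equals `prefix` or lies below it on a segment boundary,
// so "/admin" covers "/admin/users" but not "/administrator".
bool underPrefix(const std::string& path, const std::string& prefix) {
  if (path.compare(0, prefix.size(), prefix) != 0) return false;
  return path.size() == prefix.size() || path[prefix.size()] == '/';
}

// Constructed sample policy type: certificate holder -> endpoint prefixes it may call.
using Policy = std::map<std::string, std::vector<std::string>>;

// Request side (e.g. called from a request interceptor): fail closed when the
// properties are missing, the certificate was not verified, or no rule matches.
bool isAuthorized(const Properties& props, const Policy& policy, const std::string& path) {
  auto verified = props.find(KEY_VERIFIED);
  if (verified == props.end() || verified->second != "true") return false;
  auto cn = props.find(KEY_SUBJECT_CN);
  if (cn == props.end()) return false;
  auto rules = policy.find(cn->second);
  if (rules == policy.end()) return false;
  for (const auto& prefix : rules->second)
    if (underPrefix(path, prefix)) return true;
  return false;
}
```
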
