Serve client_cert_name and alpn_protocol in tls extension

urllib3 · Nov 28, 2023 · 3dd8137 · 3dd8137
1 parent ed84446
commit 3dd8137
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/src/hypercorn/protocol/http_stream.py b/src/hypercorn/protocol/http_stream.py
@@ -57,6 +57,7 @@ def __init__(
         self.scope: HTTPScope
         self.send = send
         self.scheme = "https" if tls is not None else "http"
+        self.tls = tls
         self.server = server
         self.start_time: float
         self.state = ASGIHTTPState.REQUEST
@@ -94,6 +95,9 @@ async def handle(self, event: Event) -> None:
             if event.http_version in EARLY_HINTS_VERSIONS:
                 self.scope["extensions"]["http.response.early_hint"] = {}
 
+            if self.tls is not None:
+                self.scope["extensions"]["tls"] = self.tls
+
             if valid_server_name(self.config, event):
                 self.app_put = await self.task_group.spawn_app(
                     self.app, self.config, self.scope, self.app_send

diff --git a/src/hypercorn/trio/tcp_server.py b/src/hypercorn/trio/tcp_server.py
@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+import ssl
 from math import inf
 from typing import Any, Generator, Optional
 
@@ -42,7 +43,13 @@ async def run(self) -> None:
                 return  # Handshake failed
             alpn_protocol = self.stream.selected_alpn_protocol()
             socket = self.stream.transport_stream.socket
-            tls = {}
+
+            tls = {"alpn_protocol": alpn_protocol}
+            client_certificate = self.stream.getpeercert(binary_form=False)
+            if client_certificate:
+                tls["client_cert_name"] = ", ".join(
+                    [f"{part[0][0]}={part[0][1]}" for part in client_certificate["subject"]]
+                )
         except AttributeError:  # Not SSL
             alpn_protocol = "http/1.1"
             socket = self.stream.socket