Is there a way to get the peer certificate from a glisten ssl connection? | The Gleam Programming Language | Page 1

frail lily Aug 4, 2024, 9:36 PM

#

I didn't see any obvious way in the glisten docs.

worldly parrot Aug 5, 2024, 2:00 AM

#

i don't think so... if that's just this https://www.erlang.org/doc/apps/ssl/ssl.html#peercert/1 then shouldn't be too hard to add support

#

the Connection type isn't opaque at least, so you should be able to have that as an external and pass connection.socket to it and get that info... can add that to the library as well though, for a longer-term solution

frail lily Aug 5, 2024, 7:22 AM

#

thanks! I'll try the external, but it'd be useful to have in glisten. :)

frail lily Aug 5, 2024, 10:50 AM

#

So peercert/1 doesn't work, because the server doesn't request the client certificate. The server configuration needs {verify, verify_peer} which is verify_none by default.

worldly parrot Aug 5, 2024, 3:15 PM

#

where are you seeing that default?

#

ah wrong section, i see

frail lily Aug 5, 2024, 4:10 PM

#

nvm that doesn't solve my issue as that'll deny any bad/missing certificate requests... Damn I need to find a way to just get/check the client certificate.

frail lily Aug 5, 2024, 4:37 PM

#

I guess I could give it a verify_fun that does nothing...

frail lily Aug 6, 2024, 1:41 PM

#

frail lily I guess I could give it a `verify_fun` that does nothing...

That kinda seems to be the way to do it.

worldly parrot Aug 7, 2024, 1:30 AM

#

i'd probably like to provide some better public API for providing options, which could include "arbitrary" ones like this... i'm just not sure what the best approach is for that right now

#Is there a way to get the peer certificate from a glisten ssl connection?