Can I get the CN? #21

Open
MarkSwanson opened this issue May 18, 2017 · 5 comments

@MarkSwanson

With an older version of Hyper using OpenSSL I could do something like this:

```rust
if let Some(sslstream) = request.ssl::<SslStream<HttpStream>>() {
    let ssl: &Ssl = sslstream.ssl();
    let peer_x509: X509 = ssl.peer_certificate().unwrap();
    let sn = peer_x509.subject_name();
    cn = sn.text_by_nid(Nid::CN).unwrap();
    debug!("cn: {}", &cn);
}
```

I need the CN to do anything useful on our corporate network.
Is it possible to do something like this when I'm using hyper-rustls?
If yes, how?

Thanks!

@alex
Contributor

alex commented Sep 22, 2017

I've been struggling with the same challenge of how to get at the client certificate: hyperium/hyper#1241

I haven't been able to figure out how to implement any of those suggestions though.

Has anyone been able to determine if this is actually possible at the moment, and if not, what's the best way to contribute to making it happen?

@alex
Contributor

alex commented Sep 23, 2017

Ultimate solution was just to drop tokio-proto and have my own incoming() stream where I could grab the ServerSession from the TlsStream

@lucab
Contributor

lucab commented Sep 23, 2017

@alex I'm not too familiar with proto/service myself, but yes I think the only way is to write your own logic on top of tokio-rustls, without using the proto portion of that crate.
I think the end result will look quite similar to tokio-rustls server example but I'm not sure about the hyper part.

Would you mind sharing a gist with your current solution? Does it completely bypass hyper-rustls? Depending on the final result it may (or may not) be helpful to have it here as a proto-less server example.

@alex
Contributor

alex commented Sep 23, 2017 via email

@alex
Contributor

alex commented Oct 22, 2018

Following up a year later (😬), the solution I put in that gist was working well, but the latest release of hyper no longer has the bind_connection API, and I'm struggling to figure out what the new way of expressing the same thing is.
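
Added example, not code from this thread or from the hyper-rustls project: once the peer certificate is in hand as raw DER bytes (an assumption here; the thread does not show the call that yields it), the subject CN can be read with a small std-only DER walk that skips the issuer name instead of matching the first commonName OID it sees. The names `tlv`, `take`, `subject_cn` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```rust
// Added example; tlv, take, subject_cn and SAMPLE are hypothetical names.
const OID_CN: &[u8] = &[0x55, 0x04, 0x03]; // 2.5.4.3 commonName
/// Split one DER TLV off the front of `buf`: (tag, value, rest).
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, mut rest) = rest.split_first()?;
    let mut len = first as usize;
    if first >= 0x80 {
        let n = len & 0x7f; // long form: the next n bytes hold the length
        if n == 0 || n > 4 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |a, &b| (a << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; }
    Some((tag, &rest[..len], &rest[len..]))
}
/// Like `tlv`, but fail unless the element carries the expected tag.
fn take(buf: &[u8], want: u8) -> Option<(&[u8], &[u8])> {
    let (tag, value, rest) = tlv(buf)?;
    if tag == want { Some((value, rest)) } else { None }
}

/// First commonName of the certificate *subject*; None on malformed input.
pub fn subject_cn(cert_der: &[u8]) -> Option<String> {
    let (cert, _) = take(cert_der, 0x30)?; // Certificate
    let (mut tbs, _) = take(cert, 0x30)?; // TBSCertificate
    if tbs.first() == Some(&0xa0) { tbs = tlv(tbs)?.2; } // optional [0] version
    // Skip serialNumber, signature algorithm, issuer (on purpose) and validity.
    for &tag in &[0x02u8, 0x30, 0x30, 0x30] { tbs = take(tbs, tag)?.1; }
    let (mut name, _) = take(tbs, 0x30)?; // subject RDNSequence
    while !name.is_empty() {
        let (mut set, rest) = take(name, 0x31)?; // one RDN (a SET)
        name = rest;
        while !set.is_empty() {
            let (atv, rest) = take(set, 0x30)?; // AttributeTypeAndValue
            set = rest;
            let (oid, value) = take(atv, 0x06)?;
            if oid != OID_CN { continue; }
            let (tag, text, _) = tlv(value)?; // UTF8String, PrintableString or IA5String only
            return if matches!(tag, 0x0c | 0x13 | 0x16) { String::from_utf8(text.to_vec()).ok() } else { None };
        }
    }
    None
}
// Constructed, unsigned, certificate-shaped DER: issuer CN "Test CA", subject CN "alice".
pub const SAMPLE: &[u8] = b"\x30\x34\x30\x32\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00\
    \x30\x12\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x0c\x07Test CA\x30\x00\
    \x30\x10\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x0c\x05alice";
fn main() { println!("{:?}", subject_cn(SAMPLE)); }
```

The walk does no signature or chain checking, so the returned CN is only meaningful for a certificate the TLS layer has already verified against the expected client CA.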
