Unable to get the transport ssl context from the request. This prevents checking the Client provided certificate and matching up the provided CN against allowed users/server. #2307
Unanswered
desean1625 asked this question in Q&A
Replies: 0 comments
Initial Checks
Discussion Link
Description
Many applications in finance/banking require two-way certificate verification. Currently the way we have handled this is by proxying the request and extracting out the client information at nginx or traefik and stuffing it into the headers.
Example Code
From the request we cannot get the transport information and are unable to call getpeercert, preventing application-level validation of client certificates.
A possible solution is to pass the transport in the request scope.
In the protocol h11_impl.py we could simply add
after
uvicorn/uvicorn/protocols/http/h11_impl.py
Line 203 in 0efd383
Then at a route level or fastapi middleware we could pull the client certificates to check against an authorization service.
Python, Uvicorn & OS Version
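The middleware-level check described in the post, as an added example that is not part of the original post or of Uvicorn's code. It assumes the server exposed the connection's asyncio transport under a hypothetical `transport` key in the ASGI scope; `ALLOWED_CNS`, `ClientCertAuth`, `FakeTransport` and `status_for` are constructed for illustration.

```python
import asyncio

ALLOWED_CNS = frozenset({"billing-service"})  # constructed allow-list

def peer_common_name(transport):
    """CN of the verified client certificate, or None (caller must deny)."""
    # Same dict as ssl.SSLSocket.getpeercert(): None without TLS or a client
    # cert, {} when the cert was not validated (e.g. ssl.CERT_NONE).
    cert = transport.get_extra_info("peercert") if transport else None
    if not cert:
        return None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

class ClientCertAuth:
    """Pure ASGI middleware: allow only allow-listed client-cert CNs."""
    def __init__(self, app, allowed=ALLOWED_CNS):
        self.app, self.allowed = app, allowed

    async def __call__(self, scope, receive, send):
        if scope["type"] == "lifespan":
            return await self.app(scope, receive, send)
        # ASSUMPTION: "transport" is a hypothetical scope key, not a Uvicorn API.
        cn = peer_common_name(scope.get("transport"))
        if cn in self.allowed:
            scope["client_cn"] = cn  # hypothetical key for downstream handlers
            return await self.app(scope, receive, send)
        if scope["type"] == "websocket":  # fail closed for websockets too
            return await send({"type": "websocket.close", "code": 1008})
        await send({"type": "http.response.start", "status": 403, "headers": []})
        await send({"type": "http.response.body", "body": b"forbidden"})

class FakeTransport:  # constructed stand-in for an asyncio TLS transport
    def __init__(self, peercert):
        self.peercert = peercert
    def get_extra_info(self, name, default=None):
        return self.peercert if name == "peercert" else default

def status_for(peercert):
    """Drive one HTTP request through the middleware; return the status."""
    sent = []
    async def app(scope, receive, send):
        await send({"type": "http.response.start", "status": 200, "headers": []})
    async def send(msg): sent.append(msg)
    scope = {"type": "http", "transport": FakeTransport(peercert)}
    asyncio.run(ClientCertAuth(app)(scope, None, send))
    return sent[0]["status"]
```

The CN is only trustworthy when the server's TLS context requires and verifies client certificates against a trusted CA; a missing, empty or unlisted certificate is denied rather than passed through.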