What's Changed
Expose peer certificates in request handlers by @josephnoir in #3362
Additional certificate information can be relevant in mTLS deployments. This PR exposes the certificate chain of the peer per request. In contrast to #3352, this includes not just the leaf but the validated peer certificate chain, i.e., the certificates that establish trust of the peer identity from the leaf to (and including) the root certificate.
The validated certificate chain is only available when setting a custom verification callback with metadata. Configuration of this callback is made available in this PR. It also adds a dependency on swift-certificates to use X509.ValidatedCertificateChain for the certificate chain.

Example usage:

```swift
app.get { req async in
    if let chain = req.peerCertificateChain {
        return "I am trusting you because I trust: \(chain.root.description)"
    } else {
        return "I am not trusting you."
    }
}
```

I suggest closing #3352 in favor of this PR.
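As an added example (not part of the PR or of Vapor's own code), the middleware below fails closed when `req.peerCertificateChain` is absent and accepts only chains that end at one pinned root CA. The middleware name, the pinning policy and the PEM input are assumptions of this example, and it assumes the custom verification callback with metadata is already configured.

```swift
import Foundation
import Vapor
import X509

/// Hypothetical middleware (name and policy are assumptions of this example).
/// Rejects requests that carry no validated peer chain, or whose chain does
/// not terminate at the single root CA this service accepts for clients.
struct PinnedClientRootMiddleware: AsyncMiddleware {
    let pinnedRoot: Certificate

    /// `pinnedRootPEM` is the PEM text of the CA that issues client identities.
    init(pinnedRootPEM: String) throws {
        self.pinnedRoot = try Certificate(pemEncoded: pinnedRootPEM)
    }

    func respond(to request: Request, chainingTo next: AsyncResponder) async throws -> Response {
        // The chain is nil when the peer presented no certificate, or when the
        // verification callback with metadata is not configured. Treat both
        // as unauthenticated instead of falling through to the route.
        guard let chain = request.peerCertificateChain else {
            throw Abort(.unauthorized, reason: "Client certificate required")
        }

        // Compare the whole certificate, not only the subject name: two
        // different CAs can carry the same distinguished name.
        guard chain.root == pinnedRoot else {
            request.logger.warning(
                "mTLS chain rejected: unexpected root",
                metadata: ["root": "\(chain.root.subject)"]
            )
            throw Abort(.forbidden, reason: "Client certificate issuer not accepted")
        }

        // Record which identity was accepted so access can be audited later.
        request.logger.info(
            "mTLS client accepted",
            metadata: [
                "subject": "\(chain.leaf.subject)",
                "serial": "\(chain.leaf.serialNumber)",
            ]
        )
        return try await next.respond(to: request)
    }
}

// Registration, e.g. in configure(_:):
//   app.middleware.use(try PinnedClientRootMiddleware(pinnedRootPEM: pem))
```

Pinning the root here is an authorization check layered on top of the TLS validation that produced the chain; it does not replace that validation.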
This patch was released by @0xTim
Full Changelog: 4.118.0...4.119.0