TLS peer certificate #1058

Open
cruz3rblade opened this issue May 16, 2024 · 5 comments

@cruz3rblade
Contributor

cruz3rblade commented May 16, 2024

Hey,

I am interested in using mTLS and verifying the client's peer certificate. Based on issue #589 from 3 years ago, it seems that this was not supported at the time. Is this feature currently supported, or are there any plans to support it in the future?

@uNetworkingAB
Contributor

Are you asking about peer verification in general or using mTLS as the SSL implementation?

@cruz3rblade
Contributor Author

I'm asking in general; basically, I want to retrieve the peer's certificate in its raw form, like how Node.js exposes it with tlsSocket.getPeerCertificate. Then, I could verify the certificate using crypto.X509Certificate.verify.

@uNetworkingAB
Contributor

This is a feature that has never been fully thought about yet. I've only seen very few people interested in it, and for those in C++ land they can access all OpenSSL functions, but for Node.js it needs to be wrapped in some simple way. It would be a feature request.

@cruz3rblade
Contributor Author

I understand, and yet please consider fulfilling this feature request in the future. 🙏
Also, thank you for the quick reply and this awesome library!

@theoephraim

I'm trying to implement mTLS as well. Using @cruz3rblade's example and things seem to be working, but I'd like to be able to make mTLS requests from the browser as well. If I understand correctly, when doing this with Node's built-in https module, you must set an option of requestCert: true. Is this just not supported with uWS, or am I missing some other step?

Obviously I need to install the client cert locally as well, but I would expect that Chrome might show me a popup or something to select the cert as well? It seems there's just nothing being sent, which makes me think the server is not requesting it properly.

Thanks so much!
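
For reference, the Node.js built-in behaviour mentioned in this thread (requestCert, tlsSocket.getPeerCertificate, crypto.X509Certificate.verify), as an added example that is not part of the thread and is not uWebSockets.js code. The names `checkPeer`, `createMtlsServer` and `caPem` are assumptions, and it assumes client certificates are issued directly by a single CA.

```javascript
// Added example: Node.js built-in TLS only, not uWebSockets.js code.
const https = require('node:https');
const { X509Certificate } = require('node:crypto');

// Decide whether a TLS socket carries an acceptable client certificate.
// caPem (assumed name) is the PEM of the CA that issues client certs directly.
function checkPeer(socket, caPem) {
  const peer = socket.getPeerCertificate();
  // Node returns an empty object when the client sent no certificate,
  // for example because the server never requested one.
  if (!peer || !peer.raw) return { ok: false, reason: 'no-client-cert' };
  // With rejectUnauthorized: false the handshake completes even for an
  // untrusted chain, so the application has to check socket.authorized.
  if (!socket.authorized) {
    return { ok: false, reason: String(socket.authorizationError || 'unauthorized') };
  }
  // Explicit check on the raw DER certificate, as described in the thread.
  const cert = new X509Certificate(peer.raw);
  const ca = new X509Certificate(caPem);
  if (!cert.checkIssued(ca) || !cert.verify(ca.publicKey)) {
    return { ok: false, reason: 'not-signed-by-ca' };
  }
  return { ok: true, subject: cert.subject, fingerprint: cert.fingerprint256 };
}

// HTTPS server that requests a client certificate during the handshake.
// key, cert and ca are PEM strings or Buffers supplied by the caller.
function createMtlsServer({ key, cert, ca }) {
  return https.createServer(
    { key, cert, ca, requestCert: true, rejectUnauthorized: false },
    (req, res) => {
      const result = checkPeer(req.socket, ca);
      res.writeHead(result.ok ? 200 : 403, { 'content-type': 'application/json' });
      res.end(JSON.stringify(result));
    }
  );
}
```

Setting `rejectUnauthorized: true` instead makes Node abort the handshake for a missing or untrusted client certificate, so the request handler never runs for such clients.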
