From 58d34db29d3a6f61f62a8f00ab46ae987ae97ab0 Mon Sep 17 00:00:00 2001
From: Michael Lazar
Date: Wed, 11 Mar 2020 23:26:47 -0400
Subject: [PATCH] Add CGI variables for client certificates
---
 CHANGELOG.md | 4 ++++
 README.md | 2 +-
 jetforce.py | 8 +++++++-
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2045a7..13ffb3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ route pattern. - Jetforce will no longer raise an exception when attempting to log dropped connections or other malformed requests.
+- Added the following CGI variables for client certificates:
+ - TLS_CLIENT_NOT_BEFORE
+ - TLS_CLIENT_NOT_AFTER
+ - TLS_CLIENT_SERIAL_NUMBER
 ### v0.2.0 (2012-01-21)
diff --git a/README.md b/README.md
index c60d933..bece300 100644
--- a/README.md
+++ b/README.md
@@ -155,7 +155,7 @@ The CGI script must then write the gemini response to the *stdout* stream. This includes the status code and meta string on the first line, and the optional response body on subsequent lines. The bytes generated by the CGI script will be forwarded *verbatim* to the gemini client, without any
-additional modificiation by the server.
+additional modification by the server.
 ## Deployment
diff --git a/jetforce.py b/jetforce.py
index 4ffa5ad..5c1536e 100755
--- a/jetforce.py
+++ b/jetforce.py
@@ -527,7 +527,13 @@ class GeminiRequestHandler:
 if self.client_cert:
 subject = dict(x[0] for x in self.client_cert["subject"])
 environ.update(
- {"AUTH_TYPE": "CERTIFICATE", "REMOTE_USER": subject["commonName"]}
+ {
+ "AUTH_TYPE": "CERTIFICATE",
+ "REMOTE_USER": subject["commonName"],
+ "TLS_CLIENT_NOT_BEFORE": self.client_cert["notBefore"],
+ "TLS_CLIENT_NOT_AFTER": self.client_cert["notAfter"],
+ "TLS_CLIENT_SERIAL_NUMBER": self.client_cert["serialNumber"],
+ }
 )
 return environ
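Review bot: The dictionary passed to `environ.update(` in the jetforce.py hunk indexes `subject["commonName"]` and the three new `self.client_cert[...]` keys directly, so a client certificate whose parsed form lacks any of those fields would raise `KeyError` while the CGI environment is being built. The certificate comes from the peer, so it is safer to tolerate absent fields, for example `"REMOTE_USER": subject.get("commonName", "")` and `"TLS_CLIENT_NOT_AFTER": self.client_cert.get("notAfter", "")`, or to skip a variable when its field is missing. A short comment above the update would also help, such as `# Copied from the client certificate as presented; CGI scripts must not treat these as verified identity on their own`, because the hunk does not show how (or whether) the certificate chain and validity period were checked. The enclosing method begins before the hunk, so any validation further up is not visible here.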