Add CGI variables for client certificates

CHANGELOG.md

@@ -6,6 +6,10 @@
   route pattern.
 - Jetforce will no longer raise an exception when attempting to log dropped
   connections or other malformed requests.
+- Added the following CGI variables for client certificates:
+  - TLS_CLIENT_NOT_BEFORE
+  - TLS_CLIENT_NOT_AFTER
+  - TLS_CLIENT_SERIAL_NUMBER
 
 ### v0.2.0 (2012-01-21)
 

README.md

@@ -155,7 +155,7 @@ The CGI script must then write the gemini response to the *stdout* stream.
 This includes the status code and meta string on the first line, and the
 optional response body on subsequent lines. The bytes generated by the 
 CGI script will be forwarded *verbatim* to the gemini client, without any
-additional modificiation by the server.
+additional modification by the server.
 
 ## Deployment
 

jetforce.py

@@ -527,7 +527,13 @@ class GeminiRequestHandler:
         if self.client_cert:
             subject = dict(x[0] for x in self.client_cert["subject"])
             environ.update(
-                {"AUTH_TYPE": "CERTIFICATE", "REMOTE_USER": subject["commonName"]}
+                {
+                    "AUTH_TYPE": "CERTIFICATE",
+                    "REMOTE_USER": subject["commonName"],
+                    "TLS_CLIENT_NOT_BEFORE": self.client_cert["notBefore"],
+                    "TLS_CLIENT_NOT_AFTER": self.client_cert["notAfter"],
+                    "TLS_CLIENT_SERIAL_NUMBER": self.client_cert["serialNumber"],
+                }
             )
 
         return environ