Add CGI variables for client certificates

2020-03-11 23:26:47 -04:00 · 2020-03-11 23:26:47 -04:00 · 58d34db29d
parent 78fe743310
commit 58d34db29d
3 changed files with 12 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,10 @@
  route pattern.
 - Jetforce will no longer raise an exception when attempting to log dropped
  connections or other malformed requests.
+- Added the following CGI variables for client certificates:
+  - TLS_CLIENT_NOT_BEFORE
+  - TLS_CLIENT_NOT_AFTER
+  - TLS_CLIENT_SERIAL_NUMBER

 ### v0.2.0 (2012-01-21)

--- a/README.md
+++ b/README.md
@ -155,7 +155,7 @@ The CGI script must then write the gemini response to the *stdout* stream.
 This includes the status code and meta string on the first line, and the
 optional response body on subsequent lines. The bytes generated by the 
 CGI script will be forwarded *verbatim* to the gemini client, without any
-additional modificiation by the server.
+additional modification by the server.

 ## Deployment

--- a/jetforce.py
+++ b/jetforce.py
@ -527,7 +527,13 @@ class GeminiRequestHandler:
        if self.client_cert:
            subject = dict(x[0] for x in self.client_cert["subject"])
            environ.update(
-                {"AUTH_TYPE": "CERTIFICATE", "REMOTE_USER": subject["commonName"]}
+                {
+                    "AUTH_TYPE": "CERTIFICATE",
+                    "REMOTE_USER": subject["commonName"],
+                    "TLS_CLIENT_NOT_BEFORE": self.client_cert["notBefore"],
+                    "TLS_CLIENT_NOT_AFTER": self.client_cert["notAfter"],
+                    "TLS_CLIENT_SERIAL_NUMBER": self.client_cert["serialNumber"],
+                }
            )

        return environ