You need to toggle requesting the certificate from the client for the property to appear.
Basically, if you look at this constructor: https://github.com/grpc/grpc/blob/master/include/grpcpp/security/server_credentials.h#L57 You'll notice the default is "GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE". You need this to be at least " GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY" in order to get the server request the client's certificate, and thus getting its properties filled up in the auth context. On Fri, Sep 7, 2018 at 3:43 AM 'ensan' via grpc.io <[email protected]> wrote: > Hi - Great job on grpc. I have a quick question - I'm trying to obtain the > CN (common name) field from the peer's TLS certificate within a > (server-side) gRPC stub unsuccessfully. > > I've implemented a c++ grpc based TLS server and can successfully connect > a client over TLS however I'd like to capture client specific details (that > I write into the client's certificate) when a client's call arrives on the > server side for tracking and key-ing data against. I see the first argument > in a grpc server-side call is the ServerContext so I've tried to locate the > common name as follows: > > - > (ServerContext)->auth_context()->FindPropertyValues(GRPC_X509_CN_PROPERTY_NAME) > - empty > - (ServerContext)->auth_context()->GetPeerIdentity() - empty > - It's also not in the (ServerContext)->client_metadata() > > I can obtain the value from openssl i.e. the CN field is set in the > client's cert: > > openssl x509 --noout -subject -in client_cert.pem. > > How do I get the common name (and other client TLS fields) from the > server-side rpc call (c++). > > Many thanks in advance! > > -- > You received this message because you are subscribed to the Google Groups " > grpc.io" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/grpc-io. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/5083468c-8cd5-478b-ad1c-8bbd41417549%40googlegroups.com > <https://groups.google.com/d/msgid/grpc-io/5083468c-8cd5-478b-ad1c-8bbd41417549%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CAOWnRi9N9umcvv2NkT1j78SLP01T2bhmjZMc7%2BOyAQq1Gf%3DKzg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
