Returns the client's SSL certificate, if any. To use client certificates, the HTTPServer's `ssl.SSLContext.verify_mode` field must be set, e.g.:: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key")
(
self, binary_form: bool = False
)
| 590 | return self._finish_time - self._start_time |
| 591 | |
| 592 | def get_ssl_certificate( |
| 593 | self, binary_form: bool = False |
| 594 | ) -> Union[None, Dict, bytes]: |
| 595 | """Returns the client's SSL certificate, if any. |
| 596 | |
| 597 | To use client certificates, the HTTPServer's |
| 598 | `ssl.SSLContext.verify_mode` field must be set, e.g.:: |
| 599 | |
| 600 | ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) |
| 601 | ssl_ctx.load_cert_chain("foo.crt", "foo.key") |
| 602 | ssl_ctx.load_verify_locations("cacerts.pem") |
| 603 | ssl_ctx.verify_mode = ssl.CERT_REQUIRED |
| 604 | server = HTTPServer(app, ssl_options=ssl_ctx) |
| 605 | |
| 606 | By default, the return value is a dictionary (or None, if no |
| 607 | client certificate is present). If ``binary_form`` is true, a |
| 608 | DER-encoded form of the certificate is returned instead. See |
| 609 | SSLSocket.getpeercert() in the standard library for more |
| 610 | details. |
| 611 | http://docs.python.org/library/ssl.html#sslsocket-objects |
| 612 | """ |
| 613 | try: |
| 614 | if self.connection is None: |
| 615 | return None |
| 616 | # TODO: add a method to HTTPConnection for this so it can work with HTTP/2 |
| 617 | return self.connection.stream.socket.getpeercert( # type: ignore |
| 618 | binary_form=binary_form |
| 619 | ) |
| 620 | except SSLError: |
| 621 | return None |
| 622 | |
| 623 | def _parse_body(self) -> None: |
| 624 | parse_body_arguments( |