How can I get the real cliente certificate from the client using mTLS? I need a sha256 fingerprint of that certificate to validate it

[gustavowd]

I'm using the mTLS feature and it works.
However, i retrieve a TbsCertificate, which have several info about the client certificate, but not the certificate itself.
I need the certificate to run a sha256 fingerprint algorithm to identify if that certificate is valid in a specificy server.
That is needed due the ieee 2030.5 standard, which validates clients by its certificate fingerprint.

Is it possible to retrieve the pem certificate from the client in rocket?

thanks in advance,
Gustavo

[Andycharalambous]

I'd really like to know the answer to this too.

[SergioBenitez]

The certificate type implements AsRef<[u8]>, so a simple .as_ref() gets you the raw bytes.

[Andycharalambous]

Thanks @SergioBenitez - from what I can tell, this is the raw bytes of the TbsCertificate - not the full certificate raw bytes, required for getting a SHA1/SHA256 fingerprint.

[SergioBenitez]

Ah, got it, apologies, I misunderstood the question and intent.

It makes sense to expose this. Will work on this now.

[SergioBenitez]

I've just pushed 23bf83d, which adds Certificate::as_bytes(), returning the raw certificate data.