I'm currently investigating using spray-can server support in place of spray-servlet. I don't see a way to access the X509Certificate of the client when using an SSLEngine that's been configured for client authentication. Specifically, I'm looking for the spray-can equivalent of HttpServletRequest#getAttribute("javax.servlet.request.X509Certificate").
Assuming this isn't implemented and I just missed it, would you be interested in a PR that adds support? Something along the lines of:
- a new header that provides info about the javax.net.ssl.SSLSession:
case class SSLSessionInfo(cipherSuite: String, peerCertificateChain: List[X509Certificate], ...)
- Changes in SslTlsSupport to provide the SSLSession (via engine.getSession)
If this sounds like a good path, let me know. I'm not intimately familiar with the pipeline stages in HttpServerConnection, so any tips on how to get the SSLSession from SslTlsSupport into the resulting HttpRequest would be appreciated.
Regards,
Michael
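
The extraction step proposed above, sketched as an added example (not spray's code and not the poster's): it uses only JDK `javax.net.ssl` calls, the `fromEngine`/`fromSession` helpers are hypothetical names, and `SSLSessionInfo` carries just the two fields named in the post.

```scala
import java.security.cert.X509Certificate
import javax.net.ssl.{SSLEngine, SSLPeerUnverifiedException, SSLSession}

// Only the two fields named in the post; the "..." there is left unfilled.
final case class SSLSessionInfo(cipherSuite: String,
                                peerCertificateChain: List[X509Certificate])

object SSLSessionInfo {
  // SSLEngine#getSession reports this cipher suite until the initial
  // handshake has completed, so it marks "no usable session yet".
  private val NullCipherSuite = "SSL_NULL_WITH_NULL_NULL"

  /** Hypothetical helper: None until the handshake has finished. */
  def fromEngine(engine: SSLEngine): Option[SSLSessionInfo] =
    fromSession(engine.getSession)

  /** Hypothetical helper: reads the negotiated suite and the client chain. */
  def fromSession(session: SSLSession): Option[SSLSessionInfo] =
    if (session.getCipherSuite == NullCipherSuite) None
    else {
      val chain: List[X509Certificate] =
        try {
          // Peer's own certificate first, followed by any issuing CAs.
          session.getPeerCertificates.toList.collect {
            case c: X509Certificate => c
          }
        } catch {
          // Thrown when the client presented no certificate, e.g. the engine
          // was set to wantClientAuth rather than needClientAuth.
          case _: SSLPeerUnverifiedException => Nil
        }
      Some(SSLSessionInfo(session.getCipherSuite, chain))
    }
}
```

An empty `peerCertificateChain` means the client was not authenticated by certificate, so code that makes authorization decisions from this value should treat `Nil` as unauthenticated.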