Hi,
Thank you very much for the library. I am using the library to serve both web clients and static files. For web clients, I want to have TLS cert-based authentication with a self-signed cert, and it works fine with the following snippet:
```python
import ssl

# Require a client certificate signed by the CA in `capath` on every connection
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain(certfile=server_cert, keyfile=server_key)
context.load_verify_locations(cafile=capath)
app.run(host="0.0.0.0", port=7509, debug=True, ssl=context, workers=2)
```
The issue is that, due to the client-side TLS cert verification, my web pages or any static files stopped loading. I could use curl with server.key and server.crt to fetch static files, but the browser can’t load them. To fix this, I thought I could conditionally look at client certs in the request.conn_info.cert variable and authenticate certs there, but I see the cert variable is empty even though my curl client sends the cert (maybe it’s broken now?). If I go this route, maybe I can add a middleware where I conditionally whitelist any paths using /static so that they do not verify the client TLS cert.
Please suggest…
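
The middleware idea described in the post, as an added example that is not part of the original post or the library's code: the TLS context uses `ssl.CERT_OPTIONAL` so browsers can connect without a certificate, and a path policy decides which requests still need one. The function names, the `PUBLIC_PREFIXES` tuple and the sample certificate dict are assumptions; `peer_cert` stands for whatever the server exposes from `getpeercert()`.

```python
import posixpath
import ssl
from urllib.parse import unquote

PUBLIC_PREFIXES = ("/static",)  # assumption: only /static is served without a client cert


def optional_client_auth_context(server_cert, server_key, cafile):
    """TLS context that accepts connections with or without a client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    # CERT_OPTIONAL: the handshake succeeds without a client cert, but a cert
    # that is presented must still validate against `cafile`.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def canonical_path(raw_path):
    """Decode and normalise a request path; None means 'do not trust it'."""
    path = unquote(raw_path)
    # Leftover '%' (double encoding), NUL or backslash: refuse to classify.
    if "%" in path or "\x00" in path or "\\" in path:
        return None
    # Collapse '.', '..' and repeated slashes before any prefix comparison.
    return posixpath.normpath("/" + path.lstrip("/"))


def is_public(raw_path):
    """True only if the normalised path is /static or lies beneath it."""
    path = canonical_path(raw_path)
    if path is None:
        return False
    # Compare on a segment boundary so '/staticfoo' does not match '/static'.
    return any(path == p or path.startswith(p + "/") for p in PUBLIC_PREFIXES)


def authorize(raw_path, peer_cert):
    """Decision a request middleware would make before routing.

    peer_cert has the shape returned by ssl getpeercert(): a non-empty dict
    for a verified client cert, None or {} when none was presented.
    """
    if is_public(raw_path):
        return True
    return bool(peer_cert)
```

A middleware built on this should answer with 401 or 403 when `authorize` returns False, and should pass the same normalised path on to the static file handler.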