Get the server's SSL certificate

[bramp]

Is it possible to extract the server's certificate chain from a Response? In addition to say SSL/TLS version, and other cipher information?

I looked at using use_preconfigured_tls and passing my own tls client, with a customer ServerCertVerifier but it

1. Seems unclear how to tie back the specific request to the ServerCertVerifier verification calls (especially if I'm using the client to send many requests), and
2. Seems to be duplicating a lot of code you already have.

thanks in advance

[seanmonstar]

Nope, it's not currently possible. The specific TLS libraries that reqwest uses may provide that information internally, but it'd take some work to collect it and present it on the Response. Even more work if the TLS connectors don't provide that info yet.

[bramp]

Would you accept a pull request, if I got this implemented (including in the underlying libraries) and it wasn't horrible, etc?

I suspect I'd create a HttpInfo like extension, that will contain various TLS information.

[seanmonstar]

Yes absolutely! I think some of the connectors may already insert an extension, like HttpInfo. But I haven't checked in a while.

[seanmonstar]

Ideally, whatever is exposed on the Response is a wrapper type from reqwest::tls, which doesn't expose the underlying TLS type.

[JRAndreassen]

Hi...
This is exactly what I'm looking for...
@bramp : Did you make any headway on this ?
Thanks
JR

[bramp]

ah sorry, I found a workaround by not using reqwest, so have not made progress, and will likely not make progress in the short term.

[JRAndreassen]

@bramp,
Ahh, yes... "there is a crate for that"...
I was hoping to avoid hitting it again...
Thanks for letting me know.
JR