Introduce cowboy_req:sock/1 and cowboy_req:cert/1

To obtain the local socket ip/port and the client TLS certificate, respectively.
2025-07-15 12:40:25 +00:00 · 2017-10-25 20:17:21 +01:00 · 2017-10-25 20:17:21 +01:00 · ef58e15547
commit ef58e15547
parent 4090adaecc
9 changed files with 268 additions and 35 deletions
--- a/doc/src/manual/cowboy_req.cert.asciidoc
+++ b/doc/src/manual/cowboy_req.cert.asciidoc
@ -0,0 +1,71 @@
+= cowboy_req:cert(3)
+
+== Name
+
+cowboy_req:cert - Client TLS certificate
+
+== Description
+
+[source,erlang]
+----
+cert(Req :: cowboy_req:req()) -> binary() | undefined
+----
+
+Return the peer's TLS certificate.
+
+Using the default configuration this function will always return
+`undefined`. You need to explicitly configure Cowboy to request
+the client certificate. To do this you need to set the `verify`
+transport option to `verify_peer`:
+
+[source,erlang]
+----
+{ok, _} = cowboy:start_tls(example, [
+    {port, 8443},
+    {cert, "path/to/cert.pem"},
+    {verify, verify_peer}
+], #{
+    env => #{dispatch => Dispatch}
+}).
+----
+
+You may also want to customize the `verify_fun` function. Please
+consult the `ssl` application's manual for more details.
+
+TCP connections do not allow a certificate and this function
+will therefore always return `undefined`.
+
+The certificate can also be obtained using pattern matching:
+
+[source,erlang]
+----
+#{cert := Cert} = Req.
+----
+
+== Arguments
+
+Req::
+
+The Req object.
+
+== Return value
+
+The client TLS certificate.
+
+== Changelog
+
+* *2.0*: Function introduced.
+
+== Examples
+
+.Get the client TLS certificate.
+[source,erlang]
+----
+Cert = cowboy_req:cert(Req).
+----
+
+== See also
+
+link:man:cowboy_req(3)[cowboy_req(3)],
+link:man:cowboy_req:peer(3)[cowboy_req:peer(3)],
+link:man:cowboy_req:sock(3)[cowboy_req:sock(3)]