aboutsummaryrefslogtreecommitdiffstats
path: root/doc/src/manual/cowboy_req.cert.asciidoc
blob: 51f2e3c5f1a7df6f116f5aa9ab9121825c95a629 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
= cowboy_req:cert(3)

== Name

cowboy_req:cert - Client TLS certificate

== Description

[source,erlang]
----
cert(Req :: cowboy_req:req()) -> binary() | undefined
----

Return the peer's TLS certificate.

Using the default configuration this function will always return
`undefined`. You need to explicitly configure Cowboy to request
the client certificate. To do this you need to set the `verify`
transport option to `verify_peer`:

[source,erlang]
----
{ok, _} = cowboy:start_tls(example, [
    {port, 8443},
    {certfile, "path/to/cert.pem"},
    {verify, verify_peer}
], #{
    env => #{dispatch => Dispatch}
}).
----

You may also want to customize the `verify_fun` function. Please
consult the `ssl` application's manual for more details.

TCP connections do not allow a certificate and this function
will therefore always return `undefined`.

The certificate can also be obtained using pattern matching:

[source,erlang]
----
#{cert := Cert} = Req.
----

== Arguments

Req::

The Req object.

== Return value

The client TLS certificate.

== Changelog

* *2.1*: Function introduced.

== Examples

.Get the client TLS certificate.
[source,erlang]
----
Cert = cowboy_req:cert(Req).
----

== See also

link:man:cowboy_req(3)[cowboy_req(3)],
link:man:cowboy_req:peer(3)[cowboy_req:peer(3)],
link:man:cowboy_req:sock(3)[cowboy_req:sock(3)]