From 00b9ee91f17c7bc8eb07999381ec3aeb3191ebed Mon Sep 17 00:00:00 2001
From: Ben Darnell
Date: Mon, 29 Nov 2010 13:17:03 -0800
Subject: [PATCH] Expose the client's SSL certificate as HTTPRequest.get_ssl_certificate().
---
 tornado/httpserver.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/tornado/httpserver.py b/tornado/httpserver.py
index d11688a8..a0f2e507 100644
--- a/tornado/httpserver.py
+++ b/tornado/httpserver.py
@@ -488,6 +488,27 @@ class HTTPRequest(object):
 else:
 return self._finish_time - self._start_time
+ def get_ssl_certificate(self):
+ """Returns the client's SSL certificate, if any.
+
+ To use client certificates, the HTTPServer must have been constructed
+ with cert_reqs set in ssl_options, e.g.:
+ server = HTTPServer(app,
+ ssl_options=dict(
+ certfile="foo.crt",
+ keyfile="foo.key",
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs="cacert.crt"))
+
+ The return value is a dictionary, see SSLSocket.getpeercert() in
+ the standard library for more details.
+ http://docs.python.org/library/ssl.html#sslsocket-objects
+ """
+ try:
+ return self.connection.socket.getpeercert()
+ except:
+ return None
+
 def __repr__(self):
 attrs = ("protocol", "host", "method", "uri", "version", "remote_ip", "remote_ip", "body")
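Review bot: The bare `except:` in get_ssl_certificate() turns every failure into `None`, including programming errors and KeyboardInterrupt/SystemExit, so a caller making an access decision cannot tell "client sent no certificate" from "the lookup itself broke". Narrow it to the error the SSL layer raises, e.g. `except ssl.SSLError:` (this assumes `ssl` is imported in httpserver.py, which the hunk does not show; if plain non-SSL sockets can reach this method, `AttributeError` would need to be listed as well). The docstring should also spell out the contract that authentication code depends on: a `None` return must be treated as unauthenticated, and the returned dict has only been checked against a CA when cert_reqs is `ssl.CERT_REQUIRED` or `ssl.CERT_OPTIONAL` with ca_certs set. The trailing `__repr__` context continues outside the hunk.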