Add support for Http client cert and key to support mTLS

aws · Sep 9, 2024 · 778ad32 · 778ad32
1 parent c11769c
commit 778ad32
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md
@@ -1,6 +1,8 @@
 Unreleased Changes
 ------------------
 
+* Issue - Add support for Http client cert and key to support mTLS.
+
 3.203.0 (2024-09-03)
 ------------------
 

diff --git a/gems/aws-sdk-core/lib/seahorse/client/net_http/connection_pool.rb b/gems/aws-sdk-core/lib/seahorse/client/net_http/connection_pool.rb
@@ -34,7 +34,9 @@ class ConnectionPool
           ssl_ca_bundle: nil,
           ssl_ca_directory: nil,
           ssl_ca_store: nil,
-          ssl_timeout: nil
+          ssl_timeout: nil,
+          http_client_cert: nil,
+          http_client_key: nil
         }
 
         # @api private
@@ -246,7 +248,9 @@ def pool_options options
               :ssl_ca_bundle => options[:ssl_ca_bundle],
               :ssl_ca_directory => options[:ssl_ca_directory],
               :ssl_ca_store => options[:ssl_ca_store],
-              :ssl_timeout => options[:ssl_timeout]
+              :ssl_timeout => options[:ssl_timeout],
+              :http_client_cert => options[:http_client_cert],
+              :http_client_key => options[:http_client_key]
             }
           end
 
@@ -291,6 +295,11 @@ def start_session endpoint
               http.ca_file = ssl_ca_bundle if ssl_ca_bundle
               http.ca_path = ssl_ca_directory if ssl_ca_directory
               http.cert_store = ssl_ca_store if ssl_ca_store
+              http.cert = http_client_cert if http_client_cert
+              http.key = http_client_key if http_client_key
+
+              puts "Set stuff"
+              puts http.cert
             else
               http.verify_mode = OpenSSL::SSL::VERIFY_NONE
             end

diff --git a/gems/aws-sdk-core/lib/seahorse/client/plugins/net_http.rb b/gems/aws-sdk-core/lib/seahorse/client/plugins/net_http.rb
@@ -70,6 +70,15 @@ class NetHttp < Plugin
           resolve_ssl_timeout(cfg)
         end
 
+        option(:http_client_cert, default: nil, doc_type: OpenSSL::X509::Certificate, docstring: <<-DOCS)
+Sets a client certificate when creating http connections.
+        DOCS
+
+
+        option(:http_client_key, default: nil, doc_type: OpenSSL::PKey, docstring: <<-DOCS)
+Sets a client key when creating http connections.
+        DOCS
+
         option(:logger) # for backwards compat
 
         handler(Client::NetHttp::Handler, step: :send)