fix(swarm): inject peer cert into ASGI scope for uvicorn <= 0.44

Uvicorn's h11/httptools HTTP protocols don't populate scope['extensions']['tls'], so /swarm/heartbeat's per-request cert pinning was 403ing every call despite CERT_REQUIRED validating the cert at handshake. Patch RequestResponseCycle.__init__ on both protocol modules to read the peer cert off the asyncio transport and write DER bytes into scope['extensions']['tls']['client_cert_chain']. Importing the module from swarm_api.py auto-installs the patch in the swarmctl uvicorn worker before any request is served.
2026-04-19 22:09:11 -04:00
parent 33d954a61c
commit d1b7e94325
3 changed files with 151 additions and 0 deletions


@@ -16,6 +16,8 @@ shared DB.
"""
from __future__ import annotations
from decnet.web import _uvicorn_tls_scope # noqa: F401 # patches uvicorn on import
from contextlib import asynccontextmanager
from typing import AsyncGenerator
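Review bot: The `from decnet.web import _uvicorn_tls_scope` line installs a security-relevant monkeypatch purely as an import side effect, and only `# noqa: F401` keeps it alive, so an import sorter or unused-import cleanup can move or drop it and the only symptom would be /swarm/heartbeat returning 403 again. It also sits above the stdlib imports without saying whether that ordering is required. Consider having the module expose an explicit install function that swarm_api.py calls by name, so the dependency is visible at the call site, and state in the comment why it must run before the app is built. The commit message scopes the fix to uvicorn <= 0.44, but nothing in this hunk checks the installed version or confirms the patch took effect; a startup log line or a hard failure when the patch target is missing would make a future uvicorn upgrade fail loudly rather than at the first heartbeat.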