SoupServer Mutual Authentication and WebSockets



Hello,
https://wiki.gnome.org/Projects/libsoup says that libsoup only has
'Server support for Digest and Basic authentication'.

I want to have access to the client's certificate. Is it possible to
implement mutual TLS authentication, i.e. client-side TLS certificates?

In the past, I have used a GSocketService to handle TLS certificate
verification and then used soup_server_accept_iostream (...).
This works except for failed TLS handshakes and multiple attempts when
a browser tries to load a page served by SoupServer. This seems odd to
me. Well, I am not really trying to serve webpages to hundreds of
clients but could I be doing something wrong?

But now, I am using SoupServer for WebSocket connections. The callback
for a WebSocket connection doesn't have a SoupMessage, so there's nothing
to read the tls-certificate property or something like that from.

I see that SoupClientContext (in soup-server.c) has a SoupMessage
variable but it's an opaque struct so I don't have access to it.

As a workaround I was thinking of reading each SoupMessage's
tls-certificate property in the 'read-request' callback and
maintaining a list of SoupClientContexts and then when a request is
made for a WebSocket connection, I could search in the list for that
context and determine its tls-certificate. Is this the only way?

Any suggestions? Should I look into creating a subclass of SoupAuthDomain?
I also saw that soup_websocket_server_process_handshake (...) is used
for WebSocket handshakes. Is taking that route a better option?

Thanks
Mandar Joshi

