Not sure how mutualTLS works #107

Open
malabile opened this issue Aug 1, 2023 · 1 comment

malabile commented Aug 1, 2023

I have an OpenAPI YAML with the following code:

components:
  securitySchemes:
    mtls:
      type: mutualTLS

Using openapi3-1.8.1, connecting using the following method fails:

        api = OpenAPI(
            raw_document=spec,
            ssl_verify=Path("ca.pem"),
        )

        api.authenticate(
            "mtls",
            (
                Path("otsbms.pem"),
                Path("otsbms.key.pem"),
            ),
        )

        # call operations and receive result models
        api.call_deleteAll(parameters={"personId": "a123", "transactionId": "a456", })

unless I change line 344 in paths.py and add the "cert" arg

        # send the prepared request
        result = session.send(self._request.prepare(), verify=verify, cert=self._request.cert)

With the above code, mutualTLS works for me, but it breaks all other methods that do not set self._request.cert.

I don't see in the source code for self._request.prepare() that it copies the cert variable. I don't understand how it could work.
On the other hand, support for mutualTLS was explicitly added in openapi3 so it has been tested. I am not sure if there is a bug, or if I missed something.

@commonism

Hi,

to me your approach is basically valid.
requests.Request class does not have a .cert property, it gets added by openapi3 when mutualTLS is requested.
The (client cert/key tuple) has to be passed to requests.Session.request() or requests.Session.send - as you do.
If mutualTLS is not set, it fails as the property does not exist.
Possible workaround:

result = session.send(self._request.prepare(), 
    verify=verify, 
    cert=getattr(self._request, "cert", None))

It is unlikely this has been working properly.

I shared the issue in aiopenapi3, literally the same issue even though it's requests vs. httpx.
Here is my take on it.

As the required ASGI TLS extension is not implemented in hypercorn/uvloop and FastAPI does not know mutualTLS, the unit tests have been quite interesting.
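
The behaviour discussed in this thread, as an added example that is not openapi3's own code: a stub transport adapter records which client certificate requests actually hands to the TLS layer, showing that a .cert attribute set on a Request is dropped by prepare() unless it is passed to Session.send(). The URL, certificate paths and helper names are constructed for the illustration; nothing is contacted or opened.

```python
import requests
from requests.adapters import BaseAdapter

URL = "https://api.example.test/persons/a123"   # constructed; never contacted
CLIENT_CERT = ("client.pem", "client.key.pem")  # constructed paths; never opened


class RecordingAdapter(BaseAdapter):
    """Transport stub: records the cert it is handed and opens no socket."""

    def __init__(self):
        super().__init__()
        self.certs = []

    def send(self, request, stream=False, timeout=None, verify=True,
             cert=None, proxies=None):
        self.certs.append(cert)
        response = requests.Response()
        response.status_code = 200
        response.url = request.url
        response.request = request
        response._content = b""  # mark the (empty) body as already read
        return response

    def close(self):
        pass


def mtls_request():
    req = requests.Request("DELETE", URL)
    req.cert = CLIENT_CERT  # ad-hoc attribute, set the way the reply describes
    return req


def plain_request():
    return requests.Request("GET", URL)  # no .cert attribute at all


def cert_seen_by_transport(request, forward_cert):
    """Send request.prepare() and return the cert the transport received."""
    session = requests.Session()
    session.trust_env = False  # keep the run offline: no proxy/env lookups
    adapter = RecordingAdapter()
    session.mount("https://", adapter)
    kwargs = {"verify": True}
    if forward_cert:
        kwargs["cert"] = getattr(request, "cert", None)  # the reply's workaround
    session.send(request.prepare(), **kwargs)
    return adapter.certs[-1]
```

A None at the transport means no client certificate is presented, so a server that enforces mutualTLS rejects the connection.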
