Capture Client Certificate CN from Gunicorn

gunicorn_options.yml

bind: 0.0.0.0:8000
workers: 1
worker_class: "example.worker:CustomWorker"
timeout: 30
ca_certs: ca.crt
certfile: server.crt
keyfile: server.key
cert_reqs: 2
do_handshake_on_connect: true

worker.py

from gunicorn.workers.sync import SyncWorker


class CustomWorker(SyncWorker):
    def handle_request(self, listener, req, client, addr):
        subject = dict(client.getpeercert().get('subject')[0])
        headers = dict(req.headers)
        headers['X-USER'] = subject.get('commonName')

        req.headers = list(headers.items())

        super(CustomWorker, self).handle_request(listener, req, client, addr)