@non7top
Last active March 17, 2019 05:12
Dumps the hostname that a client sends in the SNI extension of the TLS handshake
import BaseHTTPServer
import logging
import os
import SimpleHTTPServer
import socket
import ssl
# Locations of the server certificate and private key. Both are built from the
# working directory at import time, so they depend on where the script is
# launched from rather than on where the script file lives.
CERTIFICATE_PATH = '{0}/server.crt'.format(os.getcwd())
KEY_PATH = '{0}/server.key'.format(os.getcwd())
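def verify_tls(socket, hostname, context, as_callback=True):
    """Print the SNI server name offered by a connecting TLS client.

    Registered through ``SSLContext.set_servername_callback``, which calls it
    with the connection's SSL socket, the requested server name and the
    context. Despite its name this function verifies nothing: it returns
    ``None`` implicitly, which lets the handshake continue.

    Args:
        socket: SSL socket of the connection (unused; the parameter shadows
            the ``socket`` module inside this function).
        hostname: Server name sent by the client, or ``None`` when the client
            sent no SNI extension. Client-controlled, so treat as untrusted.
        context: The SSLContext the callback is registered on (unused).
        as_callback: Unused.
    """
    # %r escapes control characters, so a crafted server name cannot place
    # terminal escape sequences or fake extra lines in the console output.
    # A single parenthesised argument prints the same on Python 2 and 3.
    print("SNI hostname: %r" % (hostname,))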
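class HandshakeRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    """HTTP handler that logs every GET, POST and HEAD request, then replies.

    The original methods were declared without ``self``, so every dispatched
    request raised TypeError before anything was logged.
    """

    def do_GET(self):
        """Log the request, then answer it."""
        self.dumpRequest()
        self.dispatchRequest()

    def do_POST(self):
        """Log the request, then answer it."""
        self.dumpRequest()
        self.dispatchRequest()

    def do_HEAD(self):
        """Log the request, then answer it."""
        self.dumpRequest()
        self.dispatchRequest()

    def dumpRequest(self):
        """Write method, peer address, path, version and headers to the log.

        Everything logged here except the peer address is supplied by the
        client. The headers are dumped verbatim and can include credentials
        (Authorization, Cookie), so keep this output to local debugging and
        out of shared log storage.
        """
        logging.info('Got HTTP %s from %s', self.command, self.client_address)
        # %r keeps control bytes in the request path from reaching a terminal
        # or forging additional log lines.
        logging.info(' Path=%r', self.path)
        logging.info(' Version=%s', self.request_version)
        logging.info(' Headers=%s', self.headers)

    def dispatchRequest(self):
        """Send an empty 200 response.

        The original listing called this method without defining it, so each
        request ended in AttributeError. This minimal reply is a placeholder;
        replace it with real routing if the server should return content.
        """
        self.send_response(200)
        self.send_header('Content-Length', '0')
        self.end_headers()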
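# The root logger defaults to WARNING, which would silently drop the
# handler's logging.info() request dump.
logging.basicConfig(level=logging.INFO)

# Bound to loopback only: the request dump is a local debugging aid.
httpd = BaseHTTPServer.HTTPServer(('localhost', 4443), HandshakeRequestHandler)

# Pinned to exactly TLS 1.2, as in the original listing.
tls_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
tls_context.set_servername_callback(verify_tls)

# A TLS server has to present its own certificate and private key.
# load_default_certs() only loads trusted CA certificates for verifying
# peers, so the original context had nothing to offer and handshakes failed.
tls_context.load_cert_chain(CERTIFICATE_PATH, KEY_PATH)

# Advertise only what BaseHTTPRequestHandler can actually speak. The original
# also offered 'spdy/2', which this handler cannot serve.
if ssl.HAS_NPN:
    tls_context.set_npn_protocols(['http/1.1'])

# server_side=True marks this as the listening end; server_hostname is a
# client-side option and has no meaning here. The unused extra socket the
# original created has been dropped.
# Note: with do_handshake_on_connect=True the handshake runs inside accept(),
# so on this single-threaded server a stalled client blocks new connections.
httpd.socket = tls_context.wrap_socket(
    httpd.socket,
    do_handshake_on_connect=True,
    server_side=True)

# Per-connection TLS details (selected_npn_protocol(), getpeercert()) exist
# only on an accepted connection, reachable as self.request inside the
# handler; the listening socket never completes a handshake of its own.
# getpeercert() returns a client certificate only when the context requests
# one, i.e. verify_mode is ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED and the
# trusted CA certificates have been loaded.
httpd.serve_forever()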

0javad0 commented Mar 17, 2019

I was wondering if you could explain how you used "httpd.socket.getpeercert()" on the server to find the client cert?
