swift-server · aryan-25 · Dec 16, 2025 · Dec 5, 2025 · Dec 8, 2025 · Dec 8, 2025
diff --git a/Package.swift b/Package.swift
@@ -24,10 +24,10 @@ let package = Package(
         .package(url: "https://github.com/apple/swift-collections.git", from: "1.0.4"),
         .package(url: "https://github.com/apple/swift-http-types.git", from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-distributed-tracing.git", from: "1.0.0"),
-        .package(url: "https://github.com/apple/swift-certificates.git", from: "1.0.4"),
+        .package(url: "https://github.com/apple/swift-certificates.git", from: "1.16.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-nio.git", from: "2.0.0"),
-        .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.0.0"),
+        .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.36.0"),
         .package(url: "https://github.com/apple/swift-nio-extras.git", from: "1.30.0"),
         .package(url: "https://github.com/apple/swift-nio-http2.git", from: "1.0.0"),
     ],

diff --git a/Sources/HTTPServer/HTTPServerConfiguration.swift b/Sources/HTTPServer/HTTPServerConfiguration.swift
diff --git a/Sources/HTTPServer/NIOHTTPServer+ConnectionContext.swift b/Sources/HTTPServer/NIOHTTPServer+ConnectionContext.swift
@@ -0,0 +1,29 @@
+import NIOCore
+import NIOSSL
+public import X509
+
+@available(macOS 26.0, iOS 26.0, watchOS 26.0, tvOS 26.0, visionOS 26.0, *)
+extension NIOHTTPServer {
+    /// Connection-specific information available during request handling.
+    ///
+    /// Provides access to data such as the peer's validated certificate chain.
+    public struct ConnectionContext: Sendable {
+        var peerCertificateChainFuture: EventLoopFuture<NIOSSL.ValidatedCertificateChain?>?
+
+        init(_ peerCertificateChainFuture: EventLoopFuture<NIOSSL.ValidatedCertificateChain?>? = nil) {
+            self.peerCertificateChainFuture = peerCertificateChainFuture
+        }
+
+        /// The peer's validated certificate chain. This returns `nil` if a custom verification callback was not set
+        /// when configuring mTLS in the server configuration, or if the custom verification callback did not return the
+        /// derived validated chain.
+        public var peerCertificateChain: X509.ValidatedCertificateChain? {
+            get async throws {
+                if let certs = try await self.peerCertificateChainFuture?.get() {
+                    return .init(uncheckedCertificateChain: try certs.map { try Certificate($0) })
+                }
+                return nil
+            }
+        }
+    }
+}