After completing the handshake, you can receive a client certificate. Although the client certificate is also available in verify callback (verify_cb), there really is no reason to try to do anything other than verify the certificate in this callback. Setting up an application-specific mapping is best done after the handshake is successfully completed. Therefore, consider using the OpenSSL.SSL.Connection instance returned by the accept method to get the certificate (and from there, commonName) and associate it with the connection object at this point. For instance,
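```python
client, clientAddress = self.server.accept()
client.do_handshake()
# commonName is an attribute of the certificate's subject (X509Name), not of the X509 object
commonNamesToConnections[client.get_peer_certificate().get_subject().commonName] = client
```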
You might want to check the mapping to make sure you are not overwriting any existing connection (perhaps using a list of connections, not just matching each common name to one). And of course, you need to delete entries when connections are lost.
Calling `do_handshake` makes the handshake actually happen. Without this, a handshake will occur when application data is first transferred over the connection. This is great, but it would make setting up this display a little more complicated.
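The following is an added example, not part of the original answer: one way to keep a list of connections per common name and to drop entries when connections are lost. `PeerRegistry` and `fake_conn` are hypothetical names; the stand-in mimics only the two pyOpenSSL calls used here, and the registry assumes `get_peer_certificate()` returns `None` when the client sent no certificate.

```python
import threading
from collections import defaultdict
from types import SimpleNamespace


class PeerRegistry:
    """Maps a client certificate commonName to its live connections."""

    def __init__(self):
        self._lock = threading.Lock()
        self._by_cn = defaultdict(list)

    def register(self, conn):
        """Call after conn.do_handshake() has succeeded. Returns the CN."""
        cert = conn.get_peer_certificate()  # None if no client certificate was sent
        if cert is None:
            raise ValueError("peer presented no certificate")
        cn = cert.get_subject().commonName  # None if the subject has no CN
        if not cn:
            raise ValueError("peer certificate has no commonName")
        with self._lock:
            self._by_cn[cn].append(conn)    # several connections may share a CN
        return cn

    def unregister(self, cn, conn):
        """Call when the connection is lost or closed."""
        with self._lock:
            remaining = [c for c in self._by_cn.get(cn, []) if c is not conn]
            if remaining:
                self._by_cn[cn] = remaining
            else:
                self._by_cn.pop(cn, None)   # no stale empty entries

    def connections(self, cn):
        """Return a copy of the live connections for this CN."""
        with self._lock:
            return list(self._by_cn.get(cn, []))


def fake_conn(cn, has_cert=True):
    """Constructed stand-in for a handshaken OpenSSL.SSL.Connection."""
    cert = SimpleNamespace(get_subject=lambda: SimpleNamespace(commonName=cn))
    return SimpleNamespace(get_peer_certificate=lambda: cert if has_cert else None)
```

With a real server, pass the object returned by `accept()` to `register()` right after `do_handshake()`, and call `unregister()` from the code path that handles a closed or failed connection.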