pub fn extract_mtls_identity(
    cert_der: &[u8],
    default_role: &str,
) -> Option<AuthIdentity>

Parse an mTLS client certificate and extract an AuthIdentity.
Reads the Subject CN as the identity name. Falls back to the first
DNS SAN if CN is absent. The role is taken from the MtlsConfig.
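
The lookup order described above (Subject CN, then the first DNS SAN), as an added std-only illustration that is not this crate's code. `Identity`, `extract_identity`, `items` and `first_dns_san` are hypothetical names, and the minimal DER walker stands in for the X.509 parser a real implementation would use.

```rust
#[derive(Debug, PartialEq)]
pub struct Identity { pub name: String, pub role: String } // assumed stand-in for AuthIdentity
const OID_CN: &[u8] = &[0x55, 0x04, 0x03]; // 2.5.4.3 commonName
const OID_SAN: &[u8] = &[0x55, 0x1d, 0x11]; // 2.5.29.17 subjectAltName
/// Split DER into its top-level (tag, value) items; None on truncated or unsupported lengths.
fn items(mut d: &[u8]) -> Option<Vec<(u8, &[u8])>> {
    let mut out = Vec::new();
    while !d.is_empty() {
        let (len, hdr) = match *d.get(1)? as usize {
            l @ 0..=0x7f => (l, 2),
            0x81 => (*d.get(2)? as usize, 3),
            0x82 => ((*d.get(2)? as usize) << 8 | *d.get(3)? as usize, 4),
            _ => return None,
        };
        out.push((d[0], d.get(hdr..hdr + len)?));
        d = &d[hdr + len..];
    }
    Some(out)
}

/// First dNSName (context tag 0x82) in the subjectAltName extension, if present.
fn first_dns_san(tbs: &[(u8, &[u8])]) -> Option<String> {
    let exts = items(tbs.iter().find(|f| f.0 == 0xa3)?.1)?; // [3] wraps the list
    for (_, ext) in items(exts.first()?.1)? {
        let p = items(ext)?; // OID, optional critical flag, OCTET STRING
        if p.first()?.1 == OID_SAN {
            let names = items(p.last()?.1)?; // GeneralNames inside the OCTET STRING
            let dns = items(names.first()?.1)?.into_iter().find(|n| n.0 == 0x82)?;
            return String::from_utf8(dns.1.to_vec()).ok();
        }
    }
    None
}

pub fn extract_identity(cert_der: &[u8], default_role: &str) -> Option<Identity> {
    let outer = items(items(cert_der)?.first()?.1)?; // tbsCertificate, sigAlg, signature
    let mut tbs = items(outer.first()?.1)?;
    if tbs.first()?.0 == 0xa0 { tbs.remove(0); } // drop optional [0] version
    let mut cn = None; // tbs[4] is subject: SEQUENCE OF SET OF SEQUENCE { type, value }
    for (_, rdn) in items(tbs.get(4)?.1)? {
        for kv in items(rdn)?.iter().filter_map(|atv| items(atv.1)) {
            if cn.is_none() && kv.len() == 2 && kv[0].1 == OID_CN {
                cn = String::from_utf8(kv[1].1.to_vec()).ok();
            }
        }
    }
    let name = match cn { Some(n) => n, None => first_dns_san(&tbs)? };
    Some(Identity { name, role: default_role.to_owned() })
}
```

The example checks no signature or chain, so the extracted name is only meaningful for a certificate the TLS layer has already verified against the client CA.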