Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-11-04 03:27:23 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

caddyhttp: Placeholder for client cert in DER + base64 format (#4241)

Browse Source 
* client.certificate_pem_encoded in base64 format

* base64-encoding without pem encoding;naming change

* fix cert.Raw instead of block.bytes
This commit is contained in:
Oleg 2021-10-02 01:27:29 +03:00 committed by GitHub
parent c48fadc4a7
commit cbb045a121
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
caddyconfig/httpcaddyfile/httptype.go
View File

@ -113,6 +113,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock,
"{tls_client_serial}", "{http.request.tls.client.serial}", "{tls_client_serial}", "{http.request.tls.client.serial}",
"{tls_client_subject}", "{http.request.tls.client.subject}", "{tls_client_subject}", "{http.request.tls.client.subject}",
"{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}", "{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}",
"{tls_client_certificate_der_base64}", "{http.request.tls.client.certificate_der_base64}",
"{upstream_hostport}", "{http.reverse_proxy.upstream.hostport}", "{upstream_hostport}", "{http.reverse_proxy.upstream.hostport}",
) )

1
modules/caddyhttp/app.go
View File

@ -77,6 +77,7 @@ func init() {
// `{http.request.tls.client.public_key}` | The public key of the client certificate. // `{http.request.tls.client.public_key}` | The public key of the client certificate.
// `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key. // `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.
// `{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate. // `{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.
// `{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.
// `{http.request.tls.client.issuer}` | The issuer DN of the client certificate // `{http.request.tls.client.issuer}` | The issuer DN of the client certificate
// `{http.request.tls.client.serial}` | The serial number of the client certificate // `{http.request.tls.client.serial}` | The serial number of the client certificate
// `{http.request.tls.client.subject}` | The subject DN of the client certificate // `{http.request.tls.client.subject}` | The subject DN of the client certificate

3
modules/caddyhttp/replacer.go
View File

@ -25,6 +25,7 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/asn1" "encoding/asn1"
"encoding/base64"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"io" "io"
@ -352,6 +353,8 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
case "client.certificate_pem": case "client.certificate_pem":
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw} block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
return pem.EncodeToMemory(&block), true return pem.EncodeToMemory(&block), true
case "client.certificate_der_base64":
return base64.StdEncoding.EncodeToString(cert.Raw), true
default: default:
return nil, false return nil, false
} }