author | Gaurav Dhameeja <gdhameeja@gmail.com> | 2020-09-17 02:36:51 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-16 15:06:51 -0600 |
commit | b01bb275b395643542ceca4fbc82bedea8e43937 (patch) | |
tree | 213f0a4c6b7fba4ccc0e3f41ea4306c695609aa6 | |
parent | 309c1fec622c08bdc68a43de64fc0777f590d309 (diff) |
caddyhttp: New placeholder for PEM of client certificate (#3662)
* Fix-3585: added placeholder for a PEM encoded value of the certificate
* Update modules/caddyhttp/replacer.go
Change type of block and empty headers removed
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* fixed tests
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
-rw-r--r-- | modules/caddyhttp/replacer.go | 4 | ||||
-rw-r--r-- | modules/caddyhttp/replacer_test.go | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go
index 3f4a808..3993433 100644
--- a/modules/caddyhttp/replacer.go
+++ b/modules/caddyhttp/replacer.go
@@ -25,6 +25,7 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/asn1"
+ "encoding/pem"
 "fmt"
 "io"
 "io/ioutil"
@@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
 return cert.SerialNumber, true
 case "client.subject":
 return cert.Subject, true
+ case "client.certificate_pem":
+ block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
+ return pem.EncodeToMemory(&block), true
 default:
 return nil, false
 }
diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go
index 49167ee..486a8e3 100644
--- a/modules/caddyhttp/replacer_test.go
+++ b/modules/caddyhttp/replacer_test.go
@@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
 input: "{http.request.tls.client.san.ips.0}",
 expect: "127.0.0.1",
 },
+ {
+ input: "{http.request.tls.client.certificate_pem}",
+ expect: string(clientCert) + "\n", // returned value comes with a newline appended to it
+ },
 } {
 actual := repl.ReplaceAll(tc.input, "<empty>")
 if actual != tc.expect { |
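Review bot: The new `client.certificate_pem` case in getReqTLSReplacement returns multi-line PEM text ending in a newline (the test added in replacer_test.go expects `string(clientCert) + "\n"`), and nothing at the case documents that. Line breaks are not valid inside an HTTP header value, so a config that forwards this placeholder to a backend in a header would have to encode it first. `cert.Raw` is presumably the certificate the peer presented; whether it was verified depends on the client-auth mode configured outside this hunk, so the placeholder by itself should not be read as proof of authentication. I would add above the case: `// PEM is multi-line with a trailing "\n"; encode before putting it in a header, and do not treat it as proof the cert was verified`. The function body starts and ends outside the hunk.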
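Review bot: The new table entry's expectation `string(clientCert) + "\n"` pins the exact text layout rather than the certificate, so it passes only while the clientCert fixture (defined outside this hunk) is wrapped exactly as `pem.EncodeToMemory` wraps its output and has no trailing newline. The inline comment is also a little misleading: the newline is simply how PEM encoding ends, not something appended to the value. I would reword it to `// pem.EncodeToMemory ends its output with "\n"; the clientCert fixture has none`, and consider a separate check that decodes the placeholder output with `pem.Decode` and compares the bytes with the parsed certificate. The loop body continues past the end of the hunk.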