diff options
author | Oleg <musinit@yandex.ru> | 2021-10-02 01:27:29 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-01 16:27:29 -0600 |
commit | cbb045a121464527d85cce1b56250480b0515f9a (patch) | |
tree | 85b7141e7821d698ed3f7f673f3bff8c1415b3b4 /modules/caddyhttp | |
parent | c48fadc4a7655008d13076c7f757c36368e2ca13 (diff) |
caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
* client.certificate_pem_encoded in base64 format
* base64-encoding without pem encoding;naming change
* fix cert.Raw instead of block.bytes
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/app.go | 1 | ||||
-rw-r--r-- | modules/caddyhttp/replacer.go | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 8285200..91c31c8 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -77,6 +77,7 @@ func init() { // `{http.request.tls.client.public_key}` | The public key of the client certificate. // `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key. // `{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate. +// `{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate. // `{http.request.tls.client.issuer}` | The issuer DN of the client certificate // `{http.request.tls.client.serial}` | The serial number of the client certificate // `{http.request.tls.client.subject}` | The subject DN of the client certificate diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 4d27a84..2cf456f 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -25,6 +25,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/asn1" + "encoding/base64" "encoding/pem" "fmt" "io" @@ -352,6 +353,8 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { case "client.certificate_pem": block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw} return pem.EncodeToMemory(&block), true + case "client.certificate_der_base64": + return base64.StdEncoding.EncodeToString(cert.Raw), true default: return nil, false } |