summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorOleg <musinit@yandex.ru>2021-10-02 01:27:29 +0300
committerGitHub <noreply@github.com>2021-10-01 16:27:29 -0600
commitcbb045a121464527d85cce1b56250480b0515f9a (patch)
tree85b7141e7821d698ed3f7f673f3bff8c1415b3b4 /modules
parentc48fadc4a7655008d13076c7f757c36368e2ca13 (diff)
caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
* client.certificate_pem_encoded in base64 format * base64-encoding without pem encoding;naming change * fix cert.Raw instead of block.bytes
Diffstat (limited to 'modules')
-rw-r--r--modules/caddyhttp/app.go1
-rw-r--r--modules/caddyhttp/replacer.go3
2 files changed, 4 insertions, 0 deletions
diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
index 8285200..91c31c8 100644
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -77,6 +77,7 @@ func init() {
// `{http.request.tls.client.public_key}` | The public key of the client certificate.
// `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.
// `{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.
+// `{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.
// `{http.request.tls.client.issuer}` | The issuer DN of the client certificate
// `{http.request.tls.client.serial}` | The serial number of the client certificate
// `{http.request.tls.client.subject}` | The subject DN of the client certificate
diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go
index 4d27a84..2cf456f 100644
--- a/modules/caddyhttp/replacer.go
+++ b/modules/caddyhttp/replacer.go
@@ -25,6 +25,7 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/asn1"
+ "encoding/base64"
"encoding/pem"
"fmt"
"io"
@@ -352,6 +353,8 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
case "client.certificate_pem":
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
return pem.EncodeToMemory(&block), true
+ case "client.certificate_der_base64":
+ return base64.StdEncoding.EncodeToString(cert.Raw), true
default:
return nil, false
}