Diffstat (limited to 'modules/caddyhttp')
-rw-r--r--modules/caddyhttp/replacer.go4
-rw-r--r--modules/caddyhttp/replacer_test.go4
2 files changed, 8 insertions, 0 deletions
diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go
index 3f4a808..3993433 100644
--- a/modules/caddyhttp/replacer.go
+++ b/modules/caddyhttp/replacer.go
@@ -25,6 +25,7 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/asn1"
+ "encoding/pem"
"fmt"
"io"
"io/ioutil"
@@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
return cert.SerialNumber, true
case "client.subject":
return cert.Subject, true
+ case "client.certificate_pem":
+ block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
+ return pem.EncodeToMemory(&block), true
default:
return nil, false
}
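Review bot: The new `client.certificate_pem` case returns the output of `pem.EncodeToMemory` unchanged, which is a multi-line value ending in a newline, and nothing at the case says so. If this placeholder is forwarded to an upstream in a request header, the embedded line breaks are not valid in a field value and the result depends on how the header writer treats them. I would add a comment above the case such as `// PEM output is multi-line and ends with "\n"; encode it (e.g. URL-escape or base64) before using it in a header value`. The switch and the assignment of `cert` start outside this hunk, so whether `cert` is a verified peer certificate or merely a presented one cannot be confirmed from here; the placeholder's documentation should state which.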
diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go
index 49167ee..486a8e3 100644
--- a/modules/caddyhttp/replacer_test.go
+++ b/modules/caddyhttp/replacer_test.go
@@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
input: "{http.request.tls.client.san.ips.0}",
expect: "127.0.0.1",
},
+ {
+ input: "{http.request.tls.client.certificate_pem}",
+ expect: string(clientCert) + "\n", // returned value comes with a newline appended to it
+ },
} {
actual := repl.ReplaceAll(tc.input, "<empty>")
if actual != tc.expect {