From b01bb275b395643542ceca4fbc82bedea8e43937 Mon Sep 17 00:00:00 2001
From: Gaurav Dhameeja
Date: Thu, 17 Sep 2020 02:36:51 +0530
Subject: [PATCH] caddyhttp: New placeholder for PEM of client certificate (#3662)
* Fix-3585: added placeholder for a PEM encoded value of the certificate
* Update modules/caddyhttp/replacer.go Change type of block and empty headers removed
Co-authored-by: Matt Holt
* fixed tests
Co-authored-by: Matt Holt
---
 modules/caddyhttp/replacer.go | 4 ++++
 modules/caddyhttp/replacer_test.go | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go
index 3f4a808e..3993433a 100644
--- a/modules/caddyhttp/replacer.go
+++ b/modules/caddyhttp/replacer.go
@@ -25,6 +25,7 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/asn1"
+ "encoding/pem"
 "fmt"
 "io"
 "io/ioutil"
@@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
 return cert.SerialNumber, true
 case "client.subject":
 return cert.Subject, true
+ case "client.certificate_pem":
+ block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
+ return pem.EncodeToMemory(&block), true
 default:
 return nil, false
 }
diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go
index 49167ee5..486a8e3c 100644
--- a/modules/caddyhttp/replacer_test.go
+++ b/modules/caddyhttp/replacer_test.go
@@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
 input: "{http.request.tls.client.san.ips.0}",
 expect: "127.0.0.1",
 },
+ {
+ input: "{http.request.tls.client.certificate_pem}",
+ expect: string(clientCert) + "\n", // returned value comes with a newline appended to it
+ },
 } {
 actual := repl.ReplaceAll(tc.input, "")
 if actual != tc.expect {
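Review bot: The new `client.certificate_pem` case in getReqTLSReplacement returns a multi-line value that ends in a newline, and nothing at the case says so. pem.EncodeToMemory emits the BEGIN/END armor with wrapped base64 lines, so the expansion contains line breaks; if the placeholder is used to pass the client certificate upstream in a header or is written to a line-oriented log, the value will be rejected or altered by whatever sanitises it, and the receiver may fail to parse it. I would add a comment on the case such as `// value is multi-line PEM ending in "\n"; encode it to a single line before using it in a header value`, and, if header forwarding is the intended use, consider a single-line encoding of `cert.Raw` as a follow-up. The function starts and ends outside the hunk, so how `cert` is selected and whether it has been verified at that point cannot be checked from here.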
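Review bot: The comment on the `expect` line of the new test case reads as if the replacer appends a newline, while the trailing `\n` is simply how the PEM encoding of `cert.Raw` ends. Something like `// PEM output ends with "\n" after the END line; the clientCert fixture presumably does not` would be more accurate; the fixture is defined outside the hunk, so that last part is inferred. The exact-match comparison also ties the encoder's line wrapping to the fixture's, which is worth stating in the same comment.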