mirror of https://github.com/caddyserver/caddy.git
caddyhttp: New placeholder for PEM of client certificate (#3662)
* Fix-3585: added placeholder for a PEM encoded value of the certificate * Update modules/caddyhttp/replacer.go Change type of block and empty headers removed Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * fixed tests Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
parent
309c1fec62
commit
b01bb275b3
|
@ -25,6 +25,7 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/asn1"
|
"encoding/asn1"
|
||||||
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
|
||||||
return cert.SerialNumber, true
|
return cert.SerialNumber, true
|
||||||
case "client.subject":
|
case "client.subject":
|
||||||
return cert.Subject, true
|
return cert.Subject, true
|
||||||
|
case "client.certificate_pem":
|
||||||
|
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
|
||||||
|
return pem.EncodeToMemory(&block), true
|
||||||
default:
|
default:
|
||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
|
|
|
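Review bot: The new `client.certificate_pem` case returns the output of `pem.EncodeToMemory`, which is multi-line text ending in a newline, and nothing at the case says so. A placeholder like this is likely to be used to pass the client certificate to a backend in a request header, where embedded line breaks are not valid in a field value. A comment on the case would make that clear, e.g. `// PEM text: multi-line, ends with "\n"; not valid verbatim as a header field value`. The case also hands back a `[]byte` where the neighbouring cases return typed certificate fields, so it is worth noting that the replacer is relied on to turn it into a string, as the added test expects. The body of getReqTLSReplacement, including where `cert` is obtained and checked, lies outside the hunk.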
@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
||||||
input: "{http.request.tls.client.san.ips.0}",
|
input: "{http.request.tls.client.san.ips.0}",
|
||||||
expect: "127.0.0.1",
|
expect: "127.0.0.1",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
input: "{http.request.tls.client.certificate_pem}",
|
||||||
|
expect: string(clientCert) + "\n", // returned value comes with a newline appended to it
|
||||||
|
},
|
||||||
} {
|
} {
|
||||||
actual := repl.ReplaceAll(tc.input, "<empty>")
|
actual := repl.ReplaceAll(tc.input, "<empty>")
|
||||||
if actual != tc.expect {
|
if actual != tc.expect {
|
||||||
|
|
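Review bot: The expected value `string(clientCert) + "\n"` ties the new test case to the textual layout of the fixture rather than to the certificate itself. It would fail if the fixture were re-wrapped or gained a trailing newline, even though the placeholder still returned the right certificate. Decoding the replaced value with `pem.Decode` and comparing `block.Bytes` with the DER of the parsed client certificate would pin the property that matters. The trailing newline could then be asserted separately if it is meant to be part of the contract. The test table and the function around it start outside the hunk.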