caddyhttp: New placeholder for PEM of client certificate (#3662)
* Fix-3585: added placeholder for a PEM encoded value of the certificate

* Update modules/caddyhttp/replacer.go

Change type of block and empty headers removed

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* fixed tests

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
gdhameeja and mholt authored Sep 16, 2020
1 parent 309c1fe commit b01bb27
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions modules/caddyhttp/replacer.go
@@ -25,6 +25,7 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/asn1"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
@@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
return cert.SerialNumber, true
case "client.subject":
return cert.Subject, true
case "client.certificate_pem":
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
return pem.EncodeToMemory(&block), true
default:
return nil, false
}
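Review bot: The new `client.certificate_pem` case returns a multi-line value and nothing at the case says so: `pem.EncodeToMemory` wraps the base64 body across lines and ends with a newline, so the placeholder cannot be dropped verbatim into a single-line context such as a request header forwarded to an upstream. I would add a comment on the case, e.g. `// PEM output is multi-line; escape or re-encode it before placing it in a header value`, and say the same wherever the placeholders are documented. It is also worth stating there that the value is whatever certificate the client presented; whether it was verified depends on the client-auth configuration, which is not visible in this hunk, so consumers should not treat a non-empty value as proof of authentication. `getReqTLSReplacement` starts and ends outside the hunk, so where `cert` comes from is inferred.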
4 changes: 4 additions & 0 deletions modules/caddyhttp/replacer_test.go
@@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
input: "{http.request.tls.client.san.ips.0}",
expect: "127.0.0.1",
},
{
input: "{http.request.tls.client.certificate_pem}",
expect: string(clientCert) + "\n", // returned value comes with a newline appended to it
},
} {
actual := repl.ReplaceAll(tc.input, "<empty>")
if actual != tc.expect {
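Review bot: The expected value in the new case is the fixture text itself plus `"\n"`, so the test passes only while `clientCert` happens to be formatted exactly as `pem.EncodeToMemory` prints it (same line wrapping, no trailing newline in the fixture). Comparing decoded bytes would pin the behaviour that matters, for example running `pem.Decode` on `actual` and checking the block's `Bytes` against the parsed certificate's `Raw`. The table and the loop body continue outside the hunk, so this would need a per-case check rather than the shared string comparison.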