Caddy: Allow to extract fields from client cert (to set header for example)
This might be the same situation as #1904, duplicate of #1375, but I couldn't find an explicit issue about this. https://caddy.community/t/tls-authentication-with-client-cert/1074/7 eventually mention it.
Could it be possible to extract client certificate fields ?
To set them in a header, pass them to the underlying server for example, allowing simple authentification (but filtering this header for upstream, using header_upstream I suppose).
Alex131089
All 5 comments
Out of curiosity, are other servers like nginx able to do this?
francislavoie
on 4 Oct 2017
Yes, see the linked forum thread : https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
Or https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol / https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
Alex131089
on 4 Oct 2017
Has there been any progress on this? I had assumed at first that there was already a way to get the client's cert info, based on the 'verify_if_given' parameter (otherwise this parameter seems no better than not authenticating clients at all), but it seems this is not the case.
virtualdxs
on 11 Oct 2018
It looks like this has actually been fixed in master. Can somebody confirm that this is a duplicate of #2115?
virtualdxs
on 11 Oct 2018
Yup, I think you're right @virtualdxs looks like a duplicate. Thanks for spotting that!
francislavoie
on 11 Oct 2018
Related issues
klaasel
路
3Comments
muhammadmuzzammil1998
路
3Comments
jgsqware
路
3Comments
kilpatty
路
3Comments
treviser
路
3Comments
Most helpful comment
Yes, see the linked forum thread : https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
Or https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol / https://httpd.apache.org/docs/2.4/mod/mod_ssl.html