caddyhttp: New placeholder for PEM of client certificate (#3662)

* Fix-3585: added placeholder for a PEM encoded value of the certificate

* Update modules/caddyhttp/replacer.go

Change type of block and empty headers removed

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* fixed tests

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Gaurav Dhameeja 2020-09-17 02:36:51 +05:30 committed by GitHub
parent 309c1fec62
commit b01bb275b3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions


@ -25,6 +25,7 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/asn1" "encoding/asn1"
"encoding/pem"
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) {
return cert.SerialNumber, true return cert.SerialNumber, true
case "client.subject": case "client.subject":
return cert.Subject, true return cert.Subject, true
case "client.certificate_pem":
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
return pem.EncodeToMemory(&block), true
default: default:
return nil, false return nil, false
} }
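Review bot: The new `client.certificate_pem` case returns the raw output of `pem.EncodeToMemory`, a multi-line `[]byte` ending in a newline, and nothing at the case says so. A value with embedded line breaks cannot go into an HTTP header field unchanged, so anyone forwarding the certificate to an upstream needs that stated; I would add a comment above the case such as `// multi-line PEM with a trailing "\n"; encode or escape before using it as a header value`. The bytes come from `cert` as presented in the handshake, and whether that certificate was verified depends on client-auth configuration that is not visible here. The placeholder's documentation should therefore say that a non-empty PEM does not by itself mean an authenticated client. The body of getReqTLSReplacement starts and ends outside this hunk.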


@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
input: "{http.request.tls.client.san.ips.0}", input: "{http.request.tls.client.san.ips.0}",
expect: "127.0.0.1", expect: "127.0.0.1",
}, },
{
input: "{http.request.tls.client.certificate_pem}",
expect: string(clientCert) + "\n", // returned value comes with a newline appended to it
},
} { } {
actual := repl.ReplaceAll(tc.input, "<empty>") actual := repl.ReplaceAll(tc.input, "<empty>")
if actual != tc.expect { if actual != tc.expect {
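Review bot: The comment on the new test case reads as if the replacer appended a newline, but the trailing "\n" presumably comes from the PEM encoder terminating the END line while the `clientCert` fixture has none. I would reword it to `// PEM encoding ends with "\n"; the clientCert fixture does not`. The comparison is byte-for-byte, so it also depends on the fixture using the same line wrapping as the encoder, which is worth stating next to the fixture. The enclosing test function starts and ends outside this hunk.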