zwoop commented on code in PR #12363:
URL: https://github.com/apache/trafficserver/pull/12363#discussion_r2208243354


##########
plugins/header_rewrite/resources.cc:
##########
@@ -126,6 +132,32 @@ Resources::gather(const ResourceIDs ids, TSHttpHookID hook)
     break;
   }
 
+  // The following is all the new infrastructure borrowed / reused from
+  // the Cripts library.
+#if TS_HAS_CRIPTS
+  if (ids & (RSRC_CLIENT_CONNECTION | RSRC_MTLS_CERTIFICATE | 
RSRC_SERVER_CERTIFICATE)) {
+    Dbg(pi_dbg_ctl, "\tAdding Cripts Client::Connection");
+    client_conn = new cripts::Client::Connection();
+    client_conn->set_state(&state);
+  }
+
+  if (ids & RSRC_SERVER_CONNECTION) {
+    Dbg(pi_dbg_ctl, "\tAdding Cripts Server::Connection");
+    server_conn = new cripts::Server::Connection();
+    server_conn->set_state(&state);
+  }
+
+  if (ids & RSRC_MTLS_CERTIFICATE) {
+    Dbg(pi_dbg_ctl, "\tAdding Cripts Certs::Client");
+    mtls_cert = new cripts::Certs::Client(*client_conn);
+  }
+
+  if (ids & RSRC_SERVER_CERTIFICATE) {
+    Dbg(pi_dbg_ctl, "\tAdding Cripts Certs::Server");
+    server_cert = new cripts::Certs::Server(*client_conn);
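
Review bot: at `server_cert = new cripts::Certs::Server(*client_conn);` the server certificate is built from `client_conn` even though a `server_conn` is created just above for RSRC_SERVER_CONNECTION, so a reader cannot tell from the code whether this is intentional; a one-line comment stating which connection's certificate RSRC_SERVER_CERTIFICATE is meant to expose would settle it. Both certificate blocks also dereference `client_conn`, which is only non-null because the first condition's mask happens to list RSRC_MTLS_CERTIFICATE and RSRC_SERVER_CERTIFICATE; consider constructing the certificate objects inside that first block, or asserting `client_conn != nullptr` before each dereference, so a later change to the mask cannot turn this into a null dereference.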

Review Comment:
   What gets complicated is that there are 4 possible certificates that Cripts 
supports. On the inbound connection it can get the client certificate and the 
server certificate (that's on client_conn), and on the outbound connection it 
can get the same (at which point the server certificate is the certificate on the 
upstream TLS connection / server).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
