Hi Dave,

> Hello
> The TLS unique id, or unique channel binding, is a byte string that can be
> pulled from a TLS connection and it is unique to that connection. It is
> defined in RFC 5929 section 3. The value is used by various upper layer
> protocols as part of an extra layer of security. For example XMPP
> (RFC 6120) and EST (RFC 7030).
>
> I created this patch on top of dev22 to extract this value so it can be
> passed from the front end to the back end when TLS is terminated at the
> front end.
> Here is an example configuration using it:
>
> server backend 127.0.0.1:80
> http-request set-header X-TLS-UNIQUE-ID %{+Q}[ssl_fc_unique_id]
>
>
> If you accept this patch, I'd also be happy to update configuration.txt.
>
> This is my first contribution, so please let me know the correct
> procedure if I've missed something.

I gave it a try and it works as expected. I don't have the knowledge to
actually review the code, but my impression of the patch is positive, I
like it.

Patch applies fine to dev22, but it doesn't apply to current git/master.

My suggestion would be that you rebase this so that it applies cleanly
to the current tree (preferably with git, otherwise you can also just
get the latest snapshot [1]) and include the doc update in the patch
(small note in section 7.3.3 should be enough).

Furthermore please include a short description of what the patch does
(2 - 3 sentences) for the commit message.

Regards,

Lukas

[1] http://haproxy.1wt.eu/download/1.5/src/snapshot/
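
Added example (not part of this thread or of the patch): a back-end check for the X-TLS-UNIQUE-ID header from the configuration above, comparing the forwarded tls-unique value with the one the client sent inside the application protocol. The hex encoding of the header value, the trusted front-end address and the `claimed_b64` parameter are assumptions.

```python
import base64
import binascii
import hmac

TRUSTED_FRONTENDS = {"127.0.0.1"}  # assumption: address of the TLS-terminating front end
HEADER = "x-tls-unique-id"         # header name from the configuration above


def forwarded_tls_unique(peer_ip, headers):
    """Return the tls-unique bytes forwarded by the front end, or None.

    headers is a list of (name, value) pairs as received by the back end.
    Assumption: the value is hex text, optionally wrapped in the double
    quotes added by %{+Q}.
    """
    if peer_ip not in TRUSTED_FRONTENDS:
        return None                    # only the front end may assert this header
    values = [v for k, v in headers if k.lower() == HEADER]
    if len(values) != 1:
        return None                    # missing or duplicated header
    text = values[0].strip().strip('"')
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        return None                    # not valid hex
    return raw or None                 # empty value: no TLS on the front connection


def binding_matches(peer_ip, headers, claimed_b64):
    """True if the client's base64 claim equals the forwarded tls-unique."""
    forwarded = forwarded_tls_unique(peer_ip, headers)
    if forwarded is None:
        return False
    try:
        claimed = base64.b64decode(claimed_b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    return hmac.compare_digest(forwarded, claimed)  # constant-time compare


if __name__ == "__main__":
    raw = bytes(range(12))             # constructed sample value, not a real handshake
    hdrs = [("X-TLS-UNIQUE-ID", '"' + raw.hex().upper() + '"')]
    print(binding_matches("127.0.0.1", hdrs, base64.b64encode(raw).decode()))
```

The check fails closed: a request that does not arrive from the front end, or that carries no header or more than one, is treated as having no channel binding.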