Hi Phil,
please keep the ML in the loop.
On Thu, 16 Jun 2022 00:19:57 +1000
Philip Young <pt.fr...@gmail.com> wrote:
> Hi Alex
>
> Thanks for the reply, but unfortunately that only sets the CA certs that
> issued the server certs. I need a way to specify a client certificate that
> will be used to talk to authz service.
Ah okay sorry haven't understood that you want to send client certificate.
I would try to use http://docs.haproxy.org/2.6/configuration.html#5.2-crt
with the Client Certificate in the pem and set it on the server line.
It's my conclusion of that code.
https://git.haproxy.org/?p=haproxy.git;a=blob;f=src/hlua.c;hb=HEAD#l12530
Again it's just a assumption as I had never the requirements to use client
certificates with haproxy.
Regards
Alex
> Thanks anyway
>
> Sent from my iPhone
>
> > On 16 Jun 2022, at 12:03 am, Aleksandar Lazic <al-hapr...@none.at> wrote:
> >
> > HI.
> >
> >> On Wed, 15 Jun 2022 23:33:27 +1000
> >> Philip Young <pt.fr...@gmail.com> wrote:
> >>
> >> Hi
> >> I am currently writing a LUA module to make authorisation decisions on
> >> whether a request is allowed, by calling out to another service to make the
> >> authorisation decision.
> >> In the Lua module, I am using Socket.connect_ssl() to
> >> connect to the authorisation service but I am struggling to work out how to
> >> set the path to the certificate I want to use to connect to the
> >> authorisation service.
> >> Does anybody know how to set the path to the certificate that is
> >> used when using Socket.connect_ssl() Is it possible to do this using the
> >> httpclient?
> >
> > As I'm not a lua nor httpclient expert but maybe this could help.
> > https://docs.haproxy.org/2.6/configuration.html#httpclient.ssl.ca-file
> >
> > Also check if you mabye need to adopt this at least for the beginning.
> > https://docs.haproxy.org/2.6/configuration.html#httpclient.ssl.verify
> >
> >> I have tried asking the Slack chat channel and on the commercial
> >> site but no one knows.
> >>
> >> Cheers Phil
> >
> > Hth
> > Alex
