Christopher.
Thank you for your answer.
On 25.02.21 21:10, Christopher Schultz wrote:
Alex,
On 2/24/21 22:05, Alex wrote:
Hi.
I am trying to set up HAProxy to send some TLS information to Tomcat.
As described in the documentation of the SSL Valve, several parameters are available, and most of them are also available in HAProxy.
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#SSL_Valve
The only parameter which cannot be used is sslClientCertHeader, because
this header expects a PEM-formatted certificate but HAProxy can
send the certificate in DER format.
http://cbonte.github.io/haproxy-dconv/2.3/configuration.html#7.3.4-ssl_c_der
Where can I add the feature request for this feature to be considered
for addition to the Tomcat SSL valve?
Hmm. Sending binary data in an HTTP header field? You are going to definitely
find some problems there.
Or were you going to try something like:
http-request set-header X-Client-Certificate %[ssl_c_der,base64]
As suggested here: https://serverfault.com/a/859328 ?
I also got a similar answer on the HAProxy list.
http-request add-header X-SSL-Client-Cert -----BEGIN\ CERTIFICATE-----\
%[ssl_c_der,base64]\ -----END\ CERTIFICATE-----\ # don't forget last space
https://www.mail-archive.com/haproxy@formilux.org/msg39893.html
If so, you are base64-encoding a DER value which is essentially a PEM-formatted
value :)
But sure, it seems like adding this kind of thing would be okay. Are you able
to provide a patch/PR?
-chris
Regards
Alex
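
As an added illustration that is not part of the original thread and is not Tomcat or HAProxy code: the Python below shows that the bare `%[ssl_c_der,base64]` value and the BEGIN/END-wrapped value from the messages above decode to the same DER bytes, and how a backend could validate either form before using it. The function names, the 16 KiB cap and the sample bytes are assumptions constructed for this example.

```python
import base64
import binascii
import re

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
MAX_HEADER_LEN = 16 * 1024  # assumed cap on the header value, not a Tomcat setting


def header_to_der(value: str) -> bytes:
    """Return DER bytes from a bare-base64 or PEM-style header value."""
    if len(value) > MAX_HEADER_LEN:
        raise ValueError("header value too long")
    body = value.strip()
    if body.startswith(PEM_HEADER) != body.endswith(PEM_FOOTER):
        raise ValueError("unbalanced PEM armor")
    if body.startswith(PEM_HEADER):
        body = body[len(PEM_HEADER):-len(PEM_FOOTER)]
    # A header cannot carry the line breaks of a PEM file; drop any whitespace.
    body = re.sub(r"\s+", "", body)
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base64") from exc
    # An X.509 certificate is a DER SEQUENCE, so the first byte must be 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded value is not a DER SEQUENCE")
    return der


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


# Constructed stand-in for a certificate: a DER SEQUENCE holding an 80-byte
# OCTET STRING, not a real X.509 structure.
SAMPLE_DER = bytes([0x30, 0x52, 0x04, 0x50]) + bytes(range(80))
BARE = base64.b64encode(SAMPLE_DER).decode("ascii")
ARMORED = f"{PEM_HEADER} {BARE} {PEM_FOOTER} "

if __name__ == "__main__":
    assert header_to_der(BARE) == header_to_der(ARMORED) == SAMPLE_DER
    print(der_to_pem(header_to_der(ARMORED)))
```
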