Hi Jarno,
Thanks for a prompt reply!
It seems to work for me too, although there were some line offsets when
applying to version 1.5.6.
Any idea what would it take to get it merged?
I’ll try to understand what the patch does, but I’m afraid my knowledge of c
and ssl is not sufficient to provide a valid review.
Rein
> On 22 Oct 2014, at 16:06, Jarno Huuskonen <jarno.huusko...@uef.fi> wrote:
>
> Hi,
>
> On Wed, Oct 22, Rein Remmel wrote:
>> Hi,
>>
>> I’m wondering if there are any plans to support passing client certificate
>> to the backend? Currently most of the certificate fields can be forwarded as
>> headers, but I couldn’t find a way to froward the certificate itself. What I
>> need is something similar to apache
>> RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
>> Any comments on workaround or roadmap would be appreciated.
>>
>> I would like to avoid mixing haproxy with nginx/httpd/… One workaround would
>> be to bind ssl require to different port/ip and use tcp passthrough, but
>> with this solution I have to enable ssl on all tomcat backends.
>
> See this thread:
> https://www.mail-archive.com/haproxy@formilux.org/msg13618.html
>
> I did a quick proof of concept in may. It appeared to work with
> tomcat SSLValve.
> (https://www.mail-archive.com/haproxy@formilux.org/msg13875.html)
>
> -Jarno
>
> --
> Jarno Huuskonen
>
