Hi Phil, please keep the ML in the loop. On Thu, 16 Jun 2022 00:19:57 +1000 Philip Young <pt.fr...@gmail.com> wrote:
> Hi Alex > > Thanks for the reply, but unfortunately that only sets the CA certs that > issued the server certs. I need a way to specify a client certificate that > will be used to talk to authz service. Ah okay sorry haven't understood that you want to send client certificate. I would try to use http://docs.haproxy.org/2.6/configuration.html#5.2-crt with the Client Certificate in the pem and set it on the server line. It's my conclusion of that code. https://git.haproxy.org/?p=haproxy.git;a=blob;f=src/hlua.c;hb=HEAD#l12530 Again it's just a assumption as I had never the requirements to use client certificates with haproxy. Regards Alex > Thanks anyway > > Sent from my iPhone > > > On 16 Jun 2022, at 12:03 am, Aleksandar Lazic <al-hapr...@none.at> wrote: > > > > HI. > > > >> On Wed, 15 Jun 2022 23:33:27 +1000 > >> Philip Young <pt.fr...@gmail.com> wrote: > >> > >> Hi > >> I am currently writing a LUA module to make authorisation decisions on > >> whether a request is allowed, by calling out to another service to make the > >> authorisation decision. > >> In the Lua module, I am using Socket.connect_ssl() to > >> connect to the authorisation service but I am struggling to work out how to > >> set the path to the certificate I want to use to connect to the > >> authorisation service. > >> Does anybody know how to set the path to the certificate that is > >> used when using Socket.connect_ssl() Is it possible to do this using the > >> httpclient? > > > > As I'm not a lua nor httpclient expert but maybe this could help. > > https://docs.haproxy.org/2.6/configuration.html#httpclient.ssl.ca-file > > > > Also check if you mabye need to adopt this at least for the beginning. > > https://docs.haproxy.org/2.6/configuration.html#httpclient.ssl.verify > > > >> I have tried asking the Slack chat channel and on the commercial > >> site but no one knows. > >> > >> Cheers Phil > > > > Hth > > Alex