Re: Issue with ssl_c_sha1
Hi, On Wed, Jul 02, 2014 at 02:49:55AM +, Yumerefendi, Aydan wrote: Willy, Thanks for you help. Your suggestion worked! What tripped me was the lack of an example involving ssl_c_sha1 in the documentation. The easiest way to improve would be to the line you sent me to the list of other SSL examples. I added an example according to your suggestion, thanks! Willy
Re: Issue with ssl_c_sha1
Willy, Thanks for you help. Your suggestion worked! What tripped me was the lack of an example involving ssl_c_sha1 in the documentation. The easiest way to improve would be to the line you sent me to the list of other SSL examples. Thanks, ‹aydan On 5/28/14, 5:47 PM, Willy Tarreau w...@1wt.eu wrote: Hi, On Wed, May 28, 2014 at 08:47:11PM +, Yumerefendi, Aydan wrote: Hi, I am trying to extract the sha1 hash of the client certificate and to pass it to the backend server. My configuration has this line: http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1] However, this does not seem to produce a string of the form aabbcc... as the examples I've seen on the web. Instead, it appears to write the raw sha1 hash bytes. The downstream server, node.js, appears to treat these value as utf8 strings. Indeed, the doc says it's binary, so if you want it in hex, you just need to chain the hex converter : http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex] The binary form is more suited to stick tables for example as it takes half of the space. Do you think we could improve the doc one way or another to make this easier to find ? Maybe with more examples ? Do not hesitate to suggest adaptations or even patches! Regards, Willy
Issue with ssl_c_sha1
Hi, I am trying to extract the sha1 hash of the client certificate and to pass it to the backend server. My configuration has this line: http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1] However, this does not seem to produce a string of the form aabbcc... as the examples I've seen on the web. Instead, it appears to write the raw sha1 hash bytes. The downstream server, node.js, appears to treat these value as utf8 strings. This is the version I am running: ./haproxy --version HA-Proxy version 1.5-dev25-a339395 2014/05/10 Copyright 2000-2014 Willy Tarreau w...@1wt.eu What am I doing wrong? Ideally I would like to get the sha1 hash as a hex string. Thanks, -aydan
Re: Issue with ssl_c_sha1
Hi, On Wed, May 28, 2014 at 08:47:11PM +, Yumerefendi, Aydan wrote: Hi, I am trying to extract the sha1 hash of the client certificate and to pass it to the backend server. My configuration has this line: http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1] However, this does not seem to produce a string of the form aabbcc... as the examples I've seen on the web. Instead, it appears to write the raw sha1 hash bytes. The downstream server, node.js, appears to treat these value as utf8 strings. Indeed, the doc says it's binary, so if you want it in hex, you just need to chain the hex converter : http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex] The binary form is more suited to stick tables for example as it takes half of the space. Do you think we could improve the doc one way or another to make this easier to find ? Maybe with more examples ? Do not hesitate to suggest adaptations or even patches! Regards, Willy