Alex,
On 2/24/21 22:05, Alex wrote:
Hi.
I try to setup HAProxy to send some TLS Information's to tomcat.
As described in the documentation of SSL Valve are several parameters
available and
most of them are also available in HAProxy.
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#SSL_Valve
The only parameter which is not able to use is sslClientCertHeader because
this header expects a PEM formatted certificate but HAProxy can
send the certificate in DER format.
http://cbonte.github.io/haproxy-dconv/2.3/configuration.html#7.3.4-ssl_c_der
Where can I add the Feature request to be this feature be considered
to be added into tomcat ssl valve?
Hmm. Sending binary data in an HTTP header field? You are going to
definitely find some problems there.
Or were you going to try something like:
http-request set-header X-Client-Certificate %[ssl_c_der,base64]
As suggested here: https://serverfault.com/a/859328 ?
If so, you are base64-encoding a DER value which is essentially a
PEM-formatted value :)
But sure, it seems like adding this kind of thing would be okay. Are you
able to provide a patch/PR?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
