Created the Certainly-Client-Dn header...#2
Created the Certainly-Client-Dn header...#2dogvisor wants to merge 1 commit intoDoctor-love:masterfrom dogvisor:dn-header
Conversation
…e client-provided certificate. (By way of recreating the functionality of the NewSingleHostReverseProxy handler.)
|
Lovely - I will have a look at this. |
|
Re: header naming, I consider "X-Certainly.." but that convention is apparently long-deprecated: https://tools.ietf.org/html/rfc6648 And for the rest, the http.Request.TLS object that holds the client cert has an additional member that holds chains of validated certs, which will probably give you what you need to construct a multi-identity header value. |
|
I'm gonna steal the custom proxy handler code and include that first - it will be useful for HSTS and other interesting stuff as well |
2 participants
... populated with the DN from the client-provided certificate. (By way of recreating the functionality of the NewSingleHostReverseProxy handler, and extracting it from the assumed-to-have-been validated client certificate.)