mirror of
https://github.com/haproxy/haproxy.git
synced 2026-02-11 14:53:05 -05:00
a598b500b4
Following work from Arjen and Mathilde, it adds ssl_{c,s}_chain_der
methods; it returns DER encoded certs from SSL_get_peer_cert_chain
Also update existing vtc tests to add random intermediate certificates
When getting the result through this header:
http-response add-header x-ssl-chain-der %[ssl_c_chain_der,hex]
One can parse it with any lib accepting ASN.1 DER data, such as in go:
bin, err := encoding/hex.DecodeString(cert)
certs_parsed, err := x509.ParseCertificates(bin)
Cc: Arjen Nienhuis <arjen@zorgdoc.nl>
Signed-off-by: Mathilde Gilles <m.gilles@criteo.com>
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
|
||
|---|---|---|
| .. | ||
| add_ssl_crt-list.vtc | ||
| ca-auth.crt | ||
| client1.pem | ||
| client2_expired.pem | ||
| client3_revoked.pem | ||
| common.pem | ||
| crl-auth.pem | ||
| ecdsa.pem | ||
| localhost.crt-list | ||
| README | ||
| set_ssl_cert.vtc | ||
| ssl_client_auth.vtc | ||
| ssl_client_samples.vtc | ||
| ssl_frontend_samples.vtc | ||
| ssl_server_samples.vtc | ||
| wrong_ctx_storage.vtc | ||
File list: - common.pem: PEM file which may be used by most of the VTC files.