git.ipfire.org Git - thirdparty/haproxy.git/commit
MINOR: ssl: add ssl_{c,s}_chain_der fetch methods
author William Dauchy <w.dauchy@criteo.com>
Thu, 6 Aug 2020 16:11:38 +0000 (18:11 +0200)
committer William Lallemand <wlallemand@haproxy.org>
Fri, 7 Aug 2020 13:38:40 +0000 (15:38 +0200)
commit a598b500b474280ae3bc86a0a10c871f1ca72d96
tree 12c1417006a549677ae9e07eaa7be83a43f72244
parent 98c35045aa5b0975b74a7eeaffc8b113fc7a0b42
MINOR: ssl: add ssl_{c,s}_chain_der fetch methods

Following work from Arjen and Mathilde, it adds ssl_{c,s}_chain_der
methods; it returns DER encoded certs from SSL_get_peer_cert_chain

Also update existing vtc tests to add random intermediate certificates

When getting the result through this header:
  http-response add-header x-ssl-chain-der %[ssl_c_chain_der,hex]
One can parse it with any lib accepting ASN.1 DER data, such as in go:
  bin, err := hex.DecodeString(cert)  // import "encoding/hex"
  certs_parsed, err := x509.ParseCertificates(bin)  // import "crypto/x509"

Cc: Arjen Nienhuis <arjen@zorgdoc.nl>
Signed-off-by: Mathilde Gilles <m.gilles@criteo.com>
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
doc/configuration.txt
reg-tests/ssl/client1.pem
reg-tests/ssl/common.pem
reg-tests/ssl/ssl_client_samples.vtc
reg-tests/ssl/ssl_server_samples.vtc
src/ssl_sample.c
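
The parsing step sketched in the commit message, as an added example that is not code from the haproxy commit: a complete Go program that decodes a hex value shaped like `%[ssl_c_chain_der,hex]` into certificates and rejects malformed input. `ParseChainHeader` and `constructedChainHex` are hypothetical names, and the sample chain is generated in-process as constructed input rather than captured from haproxy.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// ParseChainHeader decodes the hex of concatenated DER certs (%[ssl_c_chain_der,hex]).
func ParseChainHeader(v string) ([]*x509.Certificate, error) {
	der, err := hex.DecodeString(v)
	if err != nil {
		return nil, fmt.Errorf("chain header is not hex: %w", err)
	}
	if len(der) == 0 {
		return nil, fmt.Errorf("chain header is empty")
	}
	return x509.ParseCertificates(der) // errors on truncated or trailing bytes
}

// constructedChainHex: n throwaway self-signed certs as one hex string (constructed input).
func constructedChainHex(n int) (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	var all []byte
	for i := 1; i <= n; i++ {
		tpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i)),
			Subject:   pkix.Name{CommonName: fmt.Sprintf("constructed-%d", i)},
			NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
		der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
		if err != nil {
			return "", err
		}
		all = append(all, der...)
	}
	return hex.EncodeToString(all), nil
}

func main() {
	h, _ := constructedChainHex(2)
	certs, err := ParseChainHeader(h)
	fmt.Println(len(certs), err)
}
```

Parsing only recovers the certificates in the order they were concatenated; it does not validate signatures or build a trust path, which a consumer would do separately with `x509.Certificate.Verify`.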