From which version is ssl client certificate information in http headers available?

lists.dg · November 18, 2016, 9:20am

Hi everyone,

I am using haproxy 1.5.4 and haproxy 1.5.14 and I would like to know from wich version is the capability of inserting client certificate information in HTTP headers and forward them to the backend available.

Do my versions permit forwarding the following certificate information?:

http-request set-header X-SSL %[ssl_fc]
http-request set-header X-SSL-Session_ID %[ssl_fc_session_id,hex]
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
http-request set-header X-SSL-Issuer %{+Q}[ssl_c_i_dn]
http-request set-header X-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
http-request set-header X-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]

Thanks in advance,
Daniel

lukastribus · November 21, 2016, 5:44pm

You can find this information in doc/configuration.txt in the relevant tar, that said those features have been committed in 1.5-dev16, meaning any 1.5 release has this feature builtin.

Topic		Replies	Views
Forward client certificate info via TCP Help!	0	484	March 20, 2019
Client cert authetication pass through Help!	8	1217	May 12, 2023
How to delivery HTTPS to the backend servers after SSL Termination Help!	2	2369	November 6, 2020
Header not added to some requests Help!	1	188	May 23, 2023
Key authentication header forward Help!	5	418	September 3, 2021

From which version is ssl client certificate information in http headers available?

Related Topics