I would like to check the client certificate CN using a map file.
This map file contains, for each targeted hostname, the authorized CN list.
Test steps:
a) 1st step, find the list of CN for the requested host, in the map file
b) 2nd step, check the client CN in the list retrieved at a)
An extract of the HAProxy configuration file:
acl validcert hdr(host),map_str(/tmp/listCERT.checkcert,nocerts) -m %[sub ssl_c_s_dn(cn)]
http-request deny if !validcert
But this ACL configuration does not work.
Do you have any idea?
Thanks in advance.
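
As an added example (not part of the original post and not HAProxy code), this Python model carries out steps a) and b) with an exact CN match and contrasts it with a substring comparison like the `sub` in the posted ACL. The comma-separated CN list format and the sample hostnames and CNs are constructed assumptions; `nocerts` is the default from the post.

```python
"""Model of the two-step check: Host -> authorized CN list -> exact CN match."""

# Constructed sample in HAProxy map layout: "<key> <value>" per line.
# Assumption: the value is a comma-separated CN list (format not shown in the post).
SAMPLE_MAP = """\
# host            authorized CNs
app.example.test  client-a,client-b
api.example.test  batch-runner
"""

DEFAULT = "nocerts"  # same default as the map_str() call in the post


def load_map(text):
    """Parse map lines into {host: value}; blank lines and '#' comments are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table


def normalize_host(host_header):
    """Lowercase and drop an optional :port so 'App.Example.Test:443' hits the key."""
    host = host_header.strip().lower()
    if host.startswith("["):           # bracketed IPv6 literal
        return host.split("]")[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def cn_allowed(table, host_header, client_cn):
    """Step a: fetch the CN list for the host. Step b: exact match against each entry."""
    allowed = table.get(normalize_host(host_header), DEFAULT)
    if not client_cn or allowed == DEFAULT:
        return False                   # unknown host or no client certificate CN
    return client_cn in {cn.strip() for cn in allowed.split(",")}


def cn_allowed_substring(table, host_header, client_cn):
    """Substring comparison, shown only for contrast: it accepts partial CNs."""
    allowed = table.get(normalize_host(host_header), DEFAULT)
    return bool(client_cn) and client_cn in allowed
```

With substring matching, a CN of `certs` matches the `nocerts` default for an unmapped host, so the comparison has to be exact and the default has to be rejected explicitly.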