From which version is ssl client certificate information in http headers available?


#1

Hi everyone,

I am using haproxy 1.5.4 and haproxy 1.5.14 and I would like to know from wich version is the capability of inserting client certificate information in HTTP headers and forward them to the backend available.

Do my versions permit forwarding the following certificate information?:

http-request set-header X-SSL %[ssl_fc]
http-request set-header X-SSL-Session_ID %[ssl_fc_session_id,hex]
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
http-request set-header X-SSL-Issuer %{+Q}[ssl_c_i_dn]
http-request set-header X-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
http-request set-header X-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]

Thanks in advance,
Daniel


#2

You can find this information in doc/configuration.txt in the relevant tar, that said those features have been committed in 1.5-dev16, meaning any 1.5 release has this feature builtin.