Pass back client cert extended property as header


#1

Ok so we have mutual auth turned on and will pass back information from the CLIENT cert as a header.

So normally you would set the header and pull the correct attribute with something like: ssl_c_s_dn(cn)
In this case we need to pull an extended property of the client cert, Subject Alternative Name --> Other Name --> Principal Name.

If we can access the SAN at all we can probably regex the Principal Name out, (REGEX)
But based on the documentation, I can’t figure out how to access the SAN.
https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4

Thoughts on the best way to do this?