Show details of incoming mTLS Authentication/Client Certificates

mendhak / docker-http-https-echo

Docker image that echoes request data as JSON; listens on HTTP/S, useful for debugging.

https://code.mendhak.com/docker-http-https-echo/

MIT License

621 stars 136 forks source link

Show details of incoming mTLS Authentication/Client Certificates #38

Closed Okeanos closed 1 year ago

Okeanos commented 2 years ago

First of all: Awesome project :)

I just recently stumbled across a use case where I wanted to debug a reverse proxy and see whether it properly forwards mTLS authentication/SSL client certificates correctly. However, the http-https-echo server doesn't say/print that information as far as I could tell. Maybe I overlooked something or used it wrong?

Output similar to this would be expected:

{
  "mtls": true,
  "mtls-details": {
    "common-name": "something",
    "authority-common-name": "something else"
  }
}

mendhak commented 1 year ago

I think I was able to accomplish this https://github.com/mendhak/docker-http-https-echo/pull/44

Can you test it? The tag is :mtls, to enable it you have to pass an environment variable like this

docker run -e MTLS_ENABLE=1 -p 8080:8080 -p 8443:8443 --rm -t mendhak/http-https-echo:mtls

I tested from curl like so

curl -sk --cert cert.pem --key privkey.pem  https://localhost:8443/test

Okeanos commented 1 year ago

This looks very much like what I wanted. Thanks a lot for that ❤️

mendhak commented 1 year ago

Tag :26 has been published to Docker Hub

https://hub.docker.com/r/mendhak/http-https-echo/tags