Open dekimsey opened 2 years ago
Yeah, we can do that. This is pretty easy to do. You're looking for basically this code:
But for layer4. The Connections all have a Replacer, similar to the http app:
So if you're matching on TLS attributes (as opposed to terminating TLS) then maybe somewhere around here:
I'm a little too busy to take this on right now but it shouldn't be too difficult if someone would like to contribute!
Thanks for the pointers @mholt, I'll give this a try.
I need this as well, in case priority depends on user input. Would also be helpful if Caddy could parse certificate subject into fields, kind of like it does HTTP query.
The http app exposes a number of placeholders that'd be equally valuable for the L4 side (http.request.tls.*). Right now matching only works for sni, alpn, and remote_ip.
Use-case: I'd like to be able to have an mTLS stripping proxy that can also validate the client's certificate has a given SAN in addition to being validly signed by the CA. Right now, that doesn't appear possible.
(Apologies if I have screwed up the nomenclature here, I'm a bit new to Caddy)