@haboy5258 wrote:
How to get common name from client cert in TLS connection instead of HTTPS

I am using TLS, not HTTPS, and want to get the common name from the client cert using haproxy 1.6.9 (also tried 1.7-dev4) on AWS. I am using AWS ELB + haproxy with client certificate SSL, and I know to use ssl_c_i_dn, but how do I get/compare the value? Here is my config:

    global
        log 127.0.0.1 local0
        maxconn 100000
        lua-load /home/ubuntu/a.lua

    defaults
        log global
        mode tcp
        option tcplog
        option dontlognull
        retries 3000
        option redispatch
        timeout queue 1m
        timeout connect 10s
        timeout client 1m
        timeout server 1m
        timeout http-keep-alive 100s
        timeout check 10s
        maxconn 100000

    frontend fort
        mode tcp
        log 127.0.0.1 local0 debug
        bind *:4443 ssl crt /home/ubuntu/host.pem ca-file /home/ubuntu/ca.crt verify required
        bind *:4443
        use_backend ssl-error unless { ssl_c_verify 0 }
        use_backend mos if { ssl_fc_has_crt }
        default_backend %[lua.c]

    backend mos
        balance leastconn
        mode tcp
        server ip-10-252-1-100 10.252.1.131:2983 check inter 5s fall 3 rise 99999999
        server ip-10-252-1-131 10.252.1.131:1983 check backup

a.lua

    function c(txn)
        local arg2 = txn.sf:ssl_c_i_dn("dn")
        local arg3 = txn.sf:ssl_f_i_dn("dn")
        core.log(core.info, arg3)
        core.log(core.info, arg2)
        return "mos"
    end
    core.register_fetches("c", c)
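Added example, not part of the original post and not HAProxy project code: the client certificate's subject common name comes from the `ssl_c_s_dn` fetch with the `cn` entry, while `ssl_c_i_dn` returns the issuer DN. The Lua fetch below reads the subject CN and compares it against an allowlist to pick a backend; the fetch name `cn_backend`, the helper `backend_for`, and the CN in the table are hypothetical, and the backend names `mos` and `ssl-error` are taken from the config above.

```lua
-- Added example. The allowlisted CN below is a constructed placeholder.
-- Exact-match map from client-certificate subject CN to backend name.
local cn_to_backend = {
  ["client-a.example.internal"] = "mos",
}
local reject_backend = "ssl-error"

-- Policy kept separate from HAProxy plumbing so it is easy to review.
-- verify_code and cn arrive as strings because txn.sf always returns strings.
local function backend_for(verify_code, cn)
  -- ssl_c_verify is 0 only when the client chain validated against ca-file.
  if verify_code ~= "0" then return reject_backend end
  -- No certificate presented, or the subject has no CN attribute.
  if cn == nil or cn == "" then return reject_backend end
  -- Exact match only: prefix or substring checks would accept look-alike CNs.
  return cn_to_backend[cn] or reject_backend
end

-- Fetch registered as lua.cn_backend.
local function cn_backend(txn)
  local verify = txn.sf:ssl_c_verify()      -- verification result code
  local cn     = txn.sf:ssl_c_s_dn("cn")    -- subject CN of the client cert
  local issuer = txn.sf:ssl_c_i_dn()        -- full issuer DN, for the audit log
  local target = backend_for(verify, cn)
  -- %q quotes and escapes the certificate-supplied strings so a crafted CN
  -- cannot inject extra fields or line breaks into the log.
  core.log(core.info, string.format(
    "client cn=%q issuer=%q verify=%s backend=%s", cn, issuer, verify, target))
  return target
end

core.register_fetches("cn_backend", cn_backend)

-- Frontend usage (use_backend accepts a log-format expression):
--   use_backend %[lua.cn_backend]
```

A CN match is only as trustworthy as the CA in `ca-file`: any certificate that CA issues with an allowlisted CN is accepted, so the CA should be one dedicated to these clients.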