Add an option to forward the base64 encoded cert through the xfcc header so applications can inspect the full cert. (#390)

Signed-off-by: William Thurston <wthurston@netflix.com>
7 years ago · 86a09b5ab4
parent a1f2fe93f0
commit 86a09b5ab4
1 changed files with 4 additions and 0 deletions
--- a/api/filter/network/http_connection_manager.proto
+++ b/api/filter/network/http_connection_manager.proto
@ -169,6 +169,10 @@ message HttpConnectionManager {

    // Whether to forward the SAN of the client cert. Defaults to false.
    google.protobuf.BoolValue san = 2;
+
+    // [#not-implemented-hide:]
+    // Whether to forward the entire client cert in base64 encoded format. Defaults to false.
+    bool cert = 3;
  };

  // This field is valid only when :ref:`forward_client_cert_details