From 86a09b5ab467df02a01551eb77f10c1739b81fb9 Mon Sep 17 00:00:00 2001
From: William Thurston <me@williamthurston.com>
Date: Thu, 4 Jan 2018 10:50:10 -0800
Subject: [PATCH] Add an option to forward the base64 encoded cert through the
 xfcc header so applications can inspect the full cert. (#390)

Signed-off-by: William Thurston <wthurston@netflix.com>
---
 api/filter/network/http_connection_manager.proto | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/filter/network/http_connection_manager.proto b/api/filter/network/http_connection_manager.proto
index f442a617..738dfa91 100644
--- a/api/filter/network/http_connection_manager.proto
+++ b/api/filter/network/http_connection_manager.proto
@@ -169,6 +169,10 @@ message HttpConnectionManager {
 
     // Whether to forward the SAN of the client cert. Defaults to false.
     google.protobuf.BoolValue san = 2;
+
+    // [#not-implemented-hide:]
+    // Whether to forward the entire client cert in base64 encoded format. Defaults to false.
+    bool cert = 3;
   };
 
   // This field is valid only when :ref:`forward_client_cert_details