pomerium/config/envoyconfig/luascripts/set-client-certificate-metadata.lua
Kenneth Jenkins a83375db7f
envoy: check for nil ssl() in client cert script (#4466)
If Pomerium is operating in the insecure_server mode (e.g. if there is
another reverse proxy in front of Pomerium), then the ssl() Lua method
will return nil.

Add a check for this case to the set-client-certificate-metadata.lua
script, in order to avoid an error when attempting to store the client
certificate info.
2023-08-16 12:39:20 -07:00

13 lines
528 B
Lua

function envoy_on_request(request_handle)
    local metadata = request_handle:streamInfo():dynamicMetadata()
    local ssl = request_handle:streamInfo():downstreamSslConnection()
    if ssl == nil then
        return
    end
    metadata:set("com.pomerium.client-certificate-info", "presented",
                 ssl:peerCertificatePresented())
    metadata:set("com.pomerium.client-certificate-info", "chain",
                 ssl:urlEncodedPemEncodedPeerCertificateChain())
end

function envoy_on_response(response_handle) end
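
The two paths through envoy_on_request, exercised outside Envoy with mock handle objects. This is an added example, not part of the Pomerium repository: new_handle and the mock tables are hypothetical test doubles that implement only the methods the script calls, and the certificate chain string is a constructed sample.

```lua
-- Added example: stand-alone mocks of the Envoy handle objects (hypothetical
-- test doubles, not Envoy's implementation) to exercise both code paths.

-- Copy of the filter entry point from the page, so this file runs by itself.
function envoy_on_request(request_handle)
    local metadata = request_handle:streamInfo():dynamicMetadata()
    local ssl = request_handle:streamInfo():downstreamSslConnection()
    if ssl == nil then
        return
    end
    metadata:set("com.pomerium.client-certificate-info", "presented",
                 ssl:peerCertificatePresented())
    metadata:set("com.pomerium.client-certificate-info", "chain",
                 ssl:urlEncodedPemEncodedPeerCertificateChain())
end

-- new_handle builds a mock request handle; ssl may be nil (no downstream TLS).
-- It also returns the table that records every metadata:set() call.
local function new_handle(ssl)
    local store = {}
    local metadata = {}
    function metadata:set(ns, key, value)
        store[ns] = store[ns] or {}
        store[ns][key] = value
    end
    local stream_info = {}
    function stream_info:dynamicMetadata() return metadata end
    function stream_info:downstreamSslConnection() return ssl end
    local handle = {}
    function handle:streamInfo() return stream_info end
    return handle, store
end

local NS = "com.pomerium.client-certificate-info"

-- Case 1: plaintext downstream connection (insecure_server behind a proxy).
-- The script returns early and writes nothing under the namespace.
local h1, s1 = new_handle(nil)
envoy_on_request(h1)
assert(s1[NS] == nil, "no metadata expected without a TLS connection")

-- Case 2: TLS connection with a client certificate (constructed sample chain).
local ssl = {}
function ssl:peerCertificatePresented() return true end
function ssl:urlEncodedPemEncodedPeerCertificateChain() return "CONSTRUCTED%0A" end
local h2, s2 = new_handle(ssl)
envoy_on_request(h2)
assert(s2[NS].presented == true and s2[NS].chain == "CONSTRUCTED%0A")
```

Removing the nil check from the copied function makes case 1 fail with Lua's "attempt to index a nil value" error at the first ssl: call.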