We are looking to migrate from Nginx to Caddy but we can't find how to forward client SSL certificate information to the backend. This kind of authentication is a standard in banking or financial domains.
With Nginx, we can get information like:

```nginx
proxy_set_header X-ClientSSL-Status $ssl_client_verify;      # "SUCCESS", "FAILED:reason", or "NONE"
proxy_set_header X-ClientSSL-DN     $ssl_client_s_dn;        # The subject DN
proxy_set_header X-ClientSSL-Finger $ssl_client_fingerprint; # The certificate fingerprint
```
It just requires some parameters added to the tls directive of the Caddyfile and then implementing that callback function mentioned in the issue. I think.
Feel free to contribute a pull request! Or I will get around to it eventually.