Skip to content

Add SSL client certificate TLV #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pires merged 1 commit into from
Jan 24, 2026
Merged

Add SSL client certificate TLV #136

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 15 additions & 14 deletions tlv.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,20 +12,21 @@ import (

const (
// Section 2.2
PP2_TYPE_ALPN PP2Type = 0x01
PP2_TYPE_AUTHORITY PP2Type = 0x02
PP2_TYPE_CRC32C PP2Type = 0x03
PP2_TYPE_NOOP PP2Type = 0x04
PP2_TYPE_UNIQUE_ID PP2Type = 0x05
PP2_TYPE_SSL PP2Type = 0x20
PP2_SUBTYPE_SSL_VERSION PP2Type = 0x21
PP2_SUBTYPE_SSL_CN PP2Type = 0x22
PP2_SUBTYPE_SSL_CIPHER PP2Type = 0x23
PP2_SUBTYPE_SSL_SIG_ALG PP2Type = 0x24
PP2_SUBTYPE_SSL_KEY_ALG PP2Type = 0x25
PP2_SUBTYPE_SSL_GROUP PP2Type = 0x26
PP2_SUBTYPE_SSL_SIG_SCHEME PP2Type = 0x27
PP2_TYPE_NETNS PP2Type = 0x30
PP2_TYPE_ALPN PP2Type = 0x01
PP2_TYPE_AUTHORITY PP2Type = 0x02
PP2_TYPE_CRC32C PP2Type = 0x03
PP2_TYPE_NOOP PP2Type = 0x04
PP2_TYPE_UNIQUE_ID PP2Type = 0x05
PP2_TYPE_SSL PP2Type = 0x20
PP2_SUBTYPE_SSL_VERSION PP2Type = 0x21
PP2_SUBTYPE_SSL_CN PP2Type = 0x22
PP2_SUBTYPE_SSL_CIPHER PP2Type = 0x23
PP2_SUBTYPE_SSL_SIG_ALG PP2Type = 0x24
PP2_SUBTYPE_SSL_KEY_ALG PP2Type = 0x25
PP2_SUBTYPE_SSL_GROUP PP2Type = 0x26
PP2_SUBTYPE_SSL_SIG_SCHEME PP2Type = 0x27
PP2_SUBTYPE_SSL_CLIENT_CERT PP2Type = 0x28
PP2_TYPE_NETNS PP2Type = 0x30

// Section 2.2.7, reserved types
PP2_TYPE_MIN_CUSTOM PP2Type = 0xE0
Expand Down
11 changes: 11 additions & 0 deletions tlvparse/ssl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,17 @@ func (s PP2SSL) ClientCN() (string, bool) {
return "", false
}

// ClientCert returns the raw X.509 client certificate encoded in ASN.1 DER and
// whether that extension exists.
func (s PP2SSL) ClientCert() ([]byte, bool) {
for _, tlv := range s.TLV {
if tlv.Type == proxyproto.PP2_SUBTYPE_SSL_CLIENT_CERT {
return tlv.Value, true
}
}
return nil, false
}

// SSLType is true if the TLV is type SSL
func IsSSL(t proxyproto.TLV) bool {
return t.Type == proxyproto.PP2_TYPE_SSL && len(t.Value) >= tlvSSLMinLen
Expand Down
Loading