mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 22:31:28 +02:00
Code Issues Projects Releases Wiki Activity

DOC: ssl: add fetch and ACL 'client_cert'

Browse Source
This commit is contained in:
Emeric Brun 2012-09-28 17:28:03 +02:00 committed by Willy Tarreau
parent e64aef124a
commit b4354087ee
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/configuration.txt
View File

@ -8051,6 +8051,10 @@ during analysis. This requires that some data has been buffered, for instance
through TCP request content inspection. Please see the "tcp-request content" through TCP request content inspection. Please see the "tcp-request content"
keyword for more detailed information on the subject. keyword for more detailed information on the subject.
client_crt
Returns true if a client certificate is present in an incoming connection over
SSL/TLS data layer. Useful if 'verify' statement is set to 'optional'.
is_ssl is_ssl
Returns true when the incoming connection was made via an SSL/TLS data layer Returns true when the incoming connection was made via an SSL/TLS data layer
and is locally deciphered. This means it has matched a socket declared with and is locally deciphered. This means it has matched a socket declared with
@ -8713,6 +8717,9 @@ The list of currently supported pattern fetch functions is the following :
shared caches efficiency. Using this with a limited size stick shared caches efficiency. Using this with a limited size stick
table also allows one to collect statistics about most commonly table also allows one to collect statistics about most commonly
requested objects by host/path. requested objects by host/path.
client_crt
Returns 1 if a client certificate is present in an incoming
connection over SSL/TLS data layer, otherwise 0.
src This is the source IPv4 address of the client of the session. src This is the source IPv4 address of the client of the session.
It is of type IPv4 and works on both IPv4 and IPv6 tables. It is of type IPv4 and works on both IPv4 and IPv6 tables.