Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/haproxy: add support for client certificate authentication #426

Closed
fraenki opened this issue Dec 13, 2017 · 10 comments
Closed

net/haproxy: add support for client certificate authentication #426

fraenki opened this issue Dec 13, 2017 · 10 comments
Assignees
@fraenki
Labels
feature Adding new functionality

Comments

@fraenki
Copy link
Member

fraenki commented Dec 13, 2017

Via forum post.

Examples:
https://www.haproxy.com/blog/ssl-client-certificate-management-at-application-level/
http://www.loadbalancer.org/blog/client-certificate-authentication-with-haproxy/
@fraenki fraenki added feature Adding new functionality help wanted Contributor missing labels Dec 13, 2017
@fraenki fraenki self-assigned this Dec 13, 2017
@mohnewald
Copy link

... we are really interested in this feature, too. :-)

@officebluesource
Copy link

here, too!

@mahescho
Copy link

Count me in, how can I help?

@fraenki
Copy link
Member Author

fraenki commented Sep 13, 2018

@mahescho Currently nobody is working on this. If you are able to help developing this feature, please submit a pull-request; I'd gladly review your work :)

@fabianfrz
Copy link
Member

Or as an alternative, the nginx plugin supports it. (please note that it targets different use cases)

@mahescho
Copy link

As I will not use the load balancing feature any way I will have a look at NginX. As I really like HA proxy I will have a look at the source when I find some time. Very basic support should not be to hard to implement.

@officebluesource
Copy link

will there be an approx. timeframe for implementation?
thanks!

@fraenki
Copy link
Member Author

fraenki commented Sep 19, 2018

@bluesource, in case you missed it:

Currently nobody is working on this.

No ETA :)

@mohnewald
Copy link

Would someone be willing/motivated to add this feature for some beer or money? :)

@fraenki fraenki removed the help wanted Contributor missing label Nov 5, 2018
fraenki added a commit to fraenki/plugins that referenced this issue Nov 5, 2018
@fraenki
net/haproxy: add support for client certificate authentication, closes
813dfc2 
…opnsense#426
@fraenki fraenki mentioned this issue Nov 5, 2018
Merged
@fraenki
Copy link
Member Author

fraenki commented Nov 5, 2018
edited
Loading

Due to popular demand this feature will be available in the upcoming os-haproxy release 2.10:

clientcertauth

If someone is willing to test it, please apply the current development code:

$ opnsense-patch -c plugins 813dfc2b
$ opnsense-patch -c plugins d3fae338

I did a quick test and it seems to work as expected:

$ openssl s_client -connect opnsense.example.com:8443 -cert clientcert1.crt -key clientcert1.key

fraenki added a commit to fraenki/plugins that referenced this issue Nov 5, 2018
@fraenki
net/haproxy: adopt new file name, refs opnsense#426
d3fae33
@fraenki fraenki closed this as completed Nov 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fraenki fraenki

Labels
feature Adding new functionality
Milestone
No milestone
Development

No branches or pull requests
5 participants
@fraenki @officebluesource @fabianfrz @mahescho @mohnewald