Obtain downstream ssl information #348
Labels
question
Further information is requested
Comments
So basically, the current workaround would be that you can compile a Rust library to parse the x509 certs into Wasm and link it with the Proxy-Wasm Go SDK-produced Wasm binary. That is exactly what we (especially @anuraaga) have done in https://github.com/corazawaf/coraza-proxy-wasm where another garbage collection library written in C is linked and replaces TinyGo's default GC.
Describe the bug / error
We're using mTLS in an Istio ingressgateway and have a need to get information from the downstream client certificate. Currently we are using Lua and can then get this information through the streamInfo object
but we would like to switch to WASM if possible, but have not found a way to retrieve the same information which is then a deal breaker for us.
You can retrieve the downstream peer subject it seems in WASM like this:
but we also need to get the peer_issuer and peer_serial_number which I haven't found out how to get.
Istio forwards the downstream certificate in the x-forwarded-client-cert header, but there seems to be a problem with TinyGo using the crypto package, making it impossible to parse the data into an x509 certificate. See "x509.ParsePKCS1PublicKey() failes due to panic".
So I'm wondering if there is a way to get more downstream peer certificate information in some way in WASM? Or does anyone have any pointers on where to contribute to expose this information?
What is your Envoy/Istio version?
Istio: 1.13.3+
Envoy: 1.21.2+
What is the SDK version?
v0.20.0
What is your TinyGo version?
tinygo version 0.26.0 linux/amd64 (using go version go1.19 and LLVM version 14.0.0)
URL or snippet of your code including Envoy configuration
Additional context (Optional)
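Added example, not part of the original issue or of the SDK: a parser for the x-forwarded-client-cert header mentioned above, following Envoy's documented element and key=value layout and using only string handling and net/url (no crypto package). The names ParseXFCC, splitQuoted and sampleXFCC are hypothetical and the sample header is constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample with two elements (two proxy hops); every value is made up.
const sampleXFCC = `Hash=abc123;Cert="-----BEGIN%20CERTIFICATE-----%0AAAAA%2BAAA%0A-----END%20CERTIFICATE-----%0A";` +
	`Subject="CN=client.example.test,O=Example, Inc.";DNS=a.example.test;DNS=b.example.test,` +
	`By=spiffe://cluster.local/ns/default/sa/app;Hash=ffff`

// splitQuoted splits s on sep but ignores separators inside double-quoted values.
func splitQuoted(s string, sep byte) (parts []string) {
	inQuote, start := false, 0
	for i := 0; i < len(s); i++ {
		if inQuote && s[i] == '\\' {
			i++ // skip the escaped character, e.g. \"
		} else if s[i] == '"' {
			inQuote = !inQuote
		} else if s[i] == sep && !inQuote {
			parts, start = append(parts, s[start:i]), i+1
		}
	}
	return append(parts, s[start:])
}

// ParseXFCC returns one map per element; keys are lower-cased and may repeat (DNS, URI).
func ParseXFCC(header string) (elems []map[string][]string) {
	for _, e := range splitQuoted(header, ',') {
		kv := map[string][]string{}
		for _, p := range splitQuoted(e, ';') {
			if k, v, ok := strings.Cut(strings.TrimSpace(p), "="); ok {
				if len(v) >= 2 && v[0] == '"' && v[len(v)-1] == '"' {
					v = strings.ReplaceAll(v[1:len(v)-1], `\"`, `"`)
				}
				k = strings.ToLower(k)
				if d, err := url.PathUnescape(v); err == nil && (k == "cert" || k == "chain") {
					v = d // URL-encoded PEM; PathUnescape leaves base64 '+' intact
				}
				kv[k] = append(kv[k], v)
			}
		}
		elems = append(elems, kv)
	}
	return elems
}
func main() { fmt.Printf("%q\n", ParseXFCC(sampleXFCC)) }
```

The header has no issuer or serial-number key, so those two fields still require an X.509 parser run over the decoded Cert value. Treat the header as trustworthy only when the ingress proxy strips or overwrites any copy sent by the client.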