envoyproxy/envoy

Question: Does XFCC http header has to formatted following RFC 2253 ?

Open

#13,244 创建于 2020年9月23日

在 GitHub 查看
 (2 评论) (0 反应) (0 负责人)C++ (5,373 fork)batch import
area/tlsenhancementhelp wanted

仓库指标

Star
 (27,997 star)
PR 合并指标
 (平均合并 8天) (30 天内合并 378 个 PR)

描述

Background

SSL info is deserialized from x509 to string and the potential consumers are XFCC header and access log.

Envoy deserialize cert subject following the RFC2253

std::string Utility::getSubjectFromCertificate(X509& cert) {
  return getRFC2253NameFromCertificate(cert, CertName::Subject);
}

RFC2253 explicitly mentioned that if the key is not well-known, the value's string representation is BER encoding of an OCTET STRING.

   An example name in which an RDN was of an unrecognized type.  The
   value is the BER encoding of an OCTET STRING containing two bytes
   0x48 and 0x69.

   1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB

The OCTET STRING is not very user-friendly in access log. #04024869 is printable ascii.

My question is

  1. Is there any workaround so we can print ASCII 0x48 0x69 to "Hi" in access log?
  2. Does XFCC header have to be RFC2253? What if we make it "1.3.6.1.4.1.1466.0=Hi"?

贡献者指南