We currently have support for base64 client certificate, but this only fetches the first certificate that the client sends. See #3767 for prior discussion on how support for this was added via tls_client_certificate_der_base64 . I propose we add a new one called tls_client_certificate_chain_der_base64 which gives the entire client certificate chain. Since HTTP headers can't have newlines in the value, I propose we do something likebase64(base64DerValues.join("\n")) to combine the client certificate chain into one header value.
#6920 is the PR for this.
We currently have support for base64 client certificate, but this only fetches the first certificate that the client sends. See #3767 for prior discussion on how support for this was added via
tls_client_certificate_der_base64. I propose we add a new one calledtls_client_certificate_chain_der_base64which gives the entire client certificate chain. Since HTTP headers can't have newlines in the value, I propose we do something likebase64(base64DerValues.join("\n"))to combine the client certificate chain into one header value.#6920 is the PR for this.