authorOmar Polo <op@omarpolo.com>2022-01-04 23:14:34 +0000
committerOmar Polo <op@omarpolo.com>2022-01-04 23:14:34 +0000
commitba94a608a89110740cb24ef098c476c84d371918 (patch)
tree79202a1a949a3187b6f35997a43772c77b4dda08 /parse.y
parent280fd79b8f5d42097d2a1a315338559261cb1e74 (diff)
add `require client ca' for proxy blocks
Refactor the code that calls validate_against_ca into a helper function so it can be reused in both apply_require_ca and (optionally) apply_reverse_proxy.
Diffstat (limited to 'parse.y')
-rw-r--r--parse.y7
1 files changed, 7 insertions, 0 deletions
diff --git a/parse.y b/parse.y
index 43a7b15..57cf3f5 100644
--- a/parse.y
+++ b/parse.y
@@ -351,6 +351,13 @@ proxy_opt : CERT string {
free(proxy->host);
parsehp($2, &proxy->host, &proxy->port, "1965");
}
+ | REQUIRE CLIENT CA string {
+ only_once(proxy->reqca, "require client ca");
+ ensure_absolute_path($4);
+ if ((proxy->reqca = load_ca($4)) == NULL)
+ yyerror("couldn't load ca cert: %s", $4);
+ free($4);
+ }
| USE_TLS bool {
proxy->notls = !$2;
}
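Review bot: In the new `REQUIRE CLIENT CA string` action, a failed `load_ca($4)` only calls `yyerror` and leaves `proxy->reqca` NULL, which presumably is also the value meaning "no client CA required" for this proxy. That is safe only if `yyerror` causes the whole configuration load to fail, which is not visible in this hunk. It is worth confirming and recording next to the check, e.g. `/* on failure reqca stays NULL: yyerror must fail the config load so the proxy never runs without the CA check */`. Since `only_once` tests `proxy->reqca`, a repeated directive after a failed load would not be reported as a duplicate; that is harmless if the first error is already fatal. The `proxy_opt` rule begins before and continues after the hunk.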