[GH-ISSUE #3221] [Feature Request] Pass client certificate subject information to plugin handler #2583

Closed
opened 2026-05-05 13:39:42 -06:00 by gitea-mirror · 5 comments

Originally created by @CrazyPandar on GitHub (Dec 20, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/3221

Describe the feature request

With TLS client authentication, I hope the subject information, like CN and SUBJECT_ID, can be sent to the plugin handler, so that I can do authentication and authorization based on the subject information.

Describe alternatives you've considered

No response

Affected area

  • [ ] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [X] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [X] Server Plugin
  • [ ] Extensions
  • [ ] Others

@fatedier commented on GitHub (Dec 20, 2022):

You should describe the details about what you want to change.


@CrazyPandar commented on GitHub (Dec 20, 2022):

Change the plugin HTTP request body to include the FRP client's TLS peer certificate information, for example the "common name", "subject ID" ....


@CrazyPandar commented on GitHub (Dec 20, 2022):

Please have a look at the following example. The plugin can get the remote FRPC peer's TLS common name by content.user.cert.subject.cname and use it to do authorization.

```
{
    "content": {
        "user": {
            "user": <string>,
            "metas": map<string>string,
            "run_id": <string>,
            "cert": {
                "subject": {
                    "cname": <string>,
                    ........
                }
            }
        },
        "proxy_name": <string>,
        "proxy_type": <string>,
        "use_encryption": <bool>,
        "use_compression": <bool>,
        "group": <string>,
        "group_key": <string>,

        // tcp and udp only
        "remote_port": <int>,

        // http and https only
        "custom_domains": []<string>,
        "subdomain": <string>,
        "locations": <string>,
        "http_user": <string>,
        "http_pwd": <string>,
        "host_header_rewrite": <string>,
        "headers": map<string>string,

        // stcp only
        "sk": <string>,

        // tcpmux only
        "multiplexer": <string>,

        "metas": map<string>string
    }
}
```
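The plugin-side authorization this request describes, as an added example that is not from the thread or from frp. The `cert.subject.cname` field is the proposed one and does not exist in frp's plugin protocol; the `allowed` policy and the CN `edge-01` are constructed, and the check assumes frps has already verified the client certificate chain.

```go
package main

import "encoding/json"
import "fmt"

// request: the parts of the NewProxy body used here. "cert" is the field proposed in this issue (hypothetical).
type request struct {
	Content struct {
		User struct {
			User string `json:"user"`
			Cert *struct {
				Subject struct {
					CName string `json:"cname"`
				} `json:"subject"`
			} `json:"cert"`
		} `json:"user"`
		ProxyType string `json:"proxy_type"`
	} `json:"content"`
}
// response: the reject / reject_reason / unchange reply fields of frp's server plugin protocol.
type response struct {
	Reject       bool   `json:"reject"`
	RejectReason string `json:"reject_reason,omitempty"`
	Unchange     bool   `json:"unchange"`
}
// allowed maps a certificate CN to the proxy types it may register (constructed policy).
var allowed = map[string]map[string]bool{"edge-01": {"tcp": true, "stcp": true}}
// authorize fails closed: a missing subject, or a self-declared user that differs from the CN, is rejected.
func authorize(body []byte) response {
	var r request
	if json.Unmarshal(body, &r) != nil {
		return response{Reject: true, RejectReason: "malformed request"}
	}
	u := r.Content.User
	if u.Cert == nil || u.Cert.Subject.CName == "" {
		return response{Reject: true, RejectReason: "no client certificate subject"}
	}
	if u.User != u.Cert.Subject.CName {
		return response{Reject: true, RejectReason: "user does not match certificate CN"}
	}
	if !allowed[u.User][r.Content.ProxyType] {
		return response{Reject: true, RejectReason: "proxy type not allowed for this CN"}
	}
	return response{Unchange: true}
}

func main() {
	fmt.Printf("%+v\n", authorize([]byte(`{"content":{"user":{"user":"edge-01","cert":{"subject":{"cname":"edge-01"}}},"proxy_type":"tcp"}}`))) // constructed sample body
}
```

The `user` value is chosen by the client, while the CN comes from a certificate the server validated, so the check binds the first to the second before consulting the policy.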

@fatedier commented on GitHub (Dec 20, 2022):

It's the connection-level info, not the meta info of `user`.

I don't want to make more changes on current version. Maybe considered in v2.


@github-actions[bot] commented on GitHub (Jan 20, 2023):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

Reference: github-starred/frp#2583