I'm actually aware that I can send the client certificate validity status with something like:
auth_policy_request_attributes = ... cert=%{cert}
But I want the full X.509 certificate to be able to decide over the basis of certificate extensions, e.g. Certificate Policies extension.
Is it currently possible?, what about Lua based authentication?, does Lua currently receive the full client certificate?.
--
Jaime Hablutzel - RPC 994690880