Forward client certificate in header

Is there any support for forwarding the TLS client certificate used in a connection to the backing HTTP service as a header? I would like to be able to bind OAuth2 access tokens to Linkerd client certificates as per . My OAuth2 Authorization Server supports receiving the client certificate in a header when TLS is terminated at a reverse proxy, but I can’t see a configuration setting for this in Linkerd.

PS - if not and you’d like to support it, I’m happy to create a PR, although my Rust is a little… rusty.


Thanks for the offer to create a PR!

Let’s start by opening an issue on GitHub to start the conversation around this feature:

We’ll want to discuss whether forwarding TLS client certificates is a responsibility of the service mesh and GitHub is the right place to have that discussion. :slight_smile: