Pass the TLS Cert infos in headers

server/server.go

@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	stdlog "log"
 	"net"
 	"net/http"
@@ -438,7 +437,7 @@ func (s *Server) createTLSConfig(entryPointName string, tlsOption *traefiktls.TL
 	if len(tlsOption.ClientCA.Files) > 0 {
 		pool := x509.NewCertPool()
 		for _, caFile := range tlsOption.ClientCA.Files {
-			data, err := ioutil.ReadFile(caFile)
+			data, err := caFile.Read()
 			if err != nil {
 				return nil, err
 			}

server/server_loadbalancer.go

@@ -5,7 +5,6 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -280,7 +279,7 @@ func createHTTPTransport(globalConfiguration configuration.GlobalConfiguration)
 	return transport, nil
 }
 
-func createRootCACertPool(rootCAs traefiktls.RootCAs) *x509.CertPool {
+func createRootCACertPool(rootCAs traefiktls.FilesOrContents) *x509.CertPool {
 	roots := x509.NewCertPool()
 
 	for _, cert := range rootCAs {
@@ -314,7 +313,7 @@ func createClientTLSConfig(entryPointName string, tlsOption *traefiktls.TLS) (*t
 	if len(tlsOption.ClientCA.Files) > 0 {
 		pool := x509.NewCertPool()
 		for _, caFile := range tlsOption.ClientCA.Files {
-			data, err := ioutil.ReadFile(caFile)
+			data, err := caFile.Read()
 			if err != nil {
 				return nil, err
 			}

server/server_middlewares.go

@@ -119,6 +119,15 @@ func (s *Server) buildMiddlewares(frontendName string, frontend *types.Frontend,
 		middle = append(middle, handler)
 	}
 
+	// TLSClientHeaders
+	tlsClientHeadersMiddleware := middlewares.NewTLSClientHeaders(frontend)
+	if tlsClientHeadersMiddleware != nil {
+		log.Debugf("Adding TLSClientHeaders middleware for frontend %s", frontendName)
+
+		handler := s.tracingMiddleware.NewNegroniHandlerWrapper("TLSClientHeaders", tlsClientHeadersMiddleware, false)
+		middle = append(middle, handler)
+	}
+
 	return middle, buildModifyResponse(secureMiddleware, headerMiddleware), postConfig, nil
 }