client-certificate-auth

Appearance

client-certificate-auth API Reference

client-certificate-auth API Reference / parsers / parseXfcc

Function: parseXfcc()

parseXfcc(headerValue): PeerCertificate | null

Defined in: parsers.js:219

Parse Envoy XFCC (X-Forwarded-Client-Cert) structured header format. Format: Key=Value;Key=Value;... where Cert (single URL-encoded PEM) or Chain (URL-encoded multi-block PEM with the full chain incl. leaf) carry the certificate. When both are present we prefer Chain because it carries more information, and link the chain via issuerCertificate.

Parameters

headerValue

string

XFCC formatted header value

Returns

PeerCertificate | null

Parsed certificate or null on failure

See

https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-client-cert

Released under the MIT License.

Copyright © 2013-2026 Tony Gies