I am using a Lua filter at the ingress and egress gateways to extract the certificate subjects presented by the client and the server during the TLS handshake, using:

response_handle:headers():add("client-res", response_handle:connection():ssl():subjectLocalCertificate())
response_handle:headers():add("server-res", response_handle:connection():ssl():subjectPeerCertificate())

At the ingress gateway we are able to extract the certificate subjects for both client and server, but at the egress gateway they are not extracted and the headers come back empty.
When we investigated further, we found that the headers are empty because the subject is being extracted from the certificate used for mTLS between the Istio proxy and the egress gateway, and that certificate has no subject. I want the subject to be extracted from the mTLS session between the egress gateway and the external server. So the question is: do response_handle:connection():ssl():subjectLocalCertificate() and response_handle:headers():add("server-res", response_handle:connection():ssl():subjectPeerCertificate()) only work when our system is acting as a server (proxy/gateway), and not when it is acting as a client (egress to an external mTLS server)?
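A diagnostic variant of the filter, as an added example that is not part of the original post: in Envoy's Lua HTTP filter, `connection()` returns the connection the request arrived on (the downstream side), so this version labels its output as downstream, handles a plaintext connection where `ssl()` is nil, and falls back to URI SANs when a certificate has an empty subject. The `x-tls-downstream-*` header names and the helper function names are made up for illustration.

```lua
-- Added example for an Envoy Lua HTTP filter (inline code of the filter).
-- Header names and helper names below are hypothetical.

-- Summarise one certificate's identity: prefer the subject DN and fall
-- back to URI SANs, which is where a certificate with an empty subject
-- may still carry its identity.
local function identity(subject, uri_sans)
  if subject ~= nil and subject ~= "" then
    return "subject=" .. subject
  end
  if uri_sans ~= nil and #uri_sans > 0 then
    return "uri_san=" .. table.concat(uri_sans, ",")
  end
  return "none"
end

-- Describe the TLS session on the connection the request arrived on.
-- connection:ssl() returns nil when that connection is not secured.
local function describe_downstream(connection)
  local ssl = connection:ssl()
  if ssl == nil then
    return { transport = "plaintext", own = "none", peer = "none" }
  end
  return {
    transport = "tls",
    -- "own" is the certificate this proxy presented on the downstream leg
    own = identity(ssl:subjectLocalCertificate(), ssl:uriSanLocalCertificate()),
    -- "peer" is the certificate the downstream caller presented
    peer = identity(ssl:subjectPeerCertificate(), ssl:uriSanPeerCertificate()),
  }
end

function envoy_on_response(response_handle)
  local info = describe_downstream(response_handle:connection())
  local headers = response_handle:headers()
  headers:add("x-tls-downstream-transport", info.transport)
  headers:add("x-tls-downstream-own", info.own)
  headers:add("x-tls-downstream-peer", info.peer)
end
```

Running this at both gateways shows which TLS leg the filter is actually reading: at the egress gateway the values describe the sidecar-to-gateway session, not the session with the external server.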