haproxy pem formatted ssl client cert fetch - ssl_c_pem & ssl_c_pem_escaped - like ssl_c_der

ssl_c_pem.lua

local basexx = require("basexx")

core.register_fetches("ssl_c_pem", function(txn)
	local der = txn.f:ssl_c_der()
	if not der then return "" end
	
	local envelope = "-----BEGIN %s-----\n%s\n-----END %s-----"
	local typ = "CERTIFICATE";
	local wrap = ('.'):rep(64)
	
	local der64 = basexx.to_base64(der)
	local pem = string.format(envelope, typ, der64:gsub(wrap, '%0\n'), typ)
	
	return pem
end)

--[[
Similar to nginx's $ssl_client_escaped_cert? Put together according to
  syncthing's discovery server code. (GO's url.QueryEscape) ]]
core.register_fetches("ssl_c_pem_escaped", function(txn)
	local der = txn.f:ssl_c_der()
	if not der then return "" end
	
	local envelope = "-----BEGIN %s-----\n%s\n-----END %s-----"
	local typ = "CERTIFICATE";
	local wrap = ('.'):rep(64)
	
	local der64 = basexx.to_base64(der)
	local pem = string.format(envelope, typ, der64:gsub(wrap, '%0\n'), typ)
	
	pem = pem:gsub('=', '%%3D')
	pem = pem:gsub('\n', '%%0A')
	pem = pem:gsub('/', '%%2F')
	pem = pem:gsub('+', '%%2B')
	pem = pem:gsub(' ', '+')
	
	return pem
end)