From e7987cec13b2334404732d44bf2db218ed546753 Mon Sep 17 00:00:00 2001
From: Vika Shleina
Date: Wed, 16 Oct 2024 21:32:54 +0300
Subject: [PATCH] caddyhttp: parse UID field from client certificates

This requires a patch to the Go standard library.
---
 modules/caddyhttp/replacer.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go
index 2c0f32357ba..fe143b273bb 100644
--- a/modules/caddyhttp/replacer.go
+++ b/modules/caddyhttp/replacer.go
@@ -384,7 +384,6 @@ func getReqTLSReplacement(req *http.Request, key string) (any, bool) {
 }
 
 field := strings.ToLower(key[len(reqTLSReplPrefix):])
-
 if strings.HasPrefix(field, "client.") {
 cert := getTLSPeerCert(req.TLS)
 if cert == nil {
@@ -409,6 +408,10 @@ func getReqTLSReplacement(req *http.Request, key string) (any, bool) {
 case strings.HasPrefix(field, "uris"):
 fieldName = "uris"
 fieldValue = cert.URIs
+ // Maybe there's a better place for this
+ case strings.HasPrefix(field, "uids"):
+ fieldName = "uids"
+ fieldValue = cert.Subject.Uid
 default:
 return nil, false
 }
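Review bot: `fieldValue = cert.Subject.Uid` in the new `uids` case relies on a field that stock `crypto/x509/pkix.Name` does not have (the commit message itself says the standard library must be patched), so this will not build with an unmodified Go toolchain. The same values can be collected from `cert.Subject.Names` by matching the uid attribute OID, as sketched below; that needs `encoding/asn1` imported, and yields a `[]string`. The case sits next to `uris`, which reads a SAN list, whereas the UID is a subject DN attribute, so if this switch is the SAN one (its start, and the index handling after it, are outside the hunk) the placeholder name will mislead operators who write access rules against it. Because the subject of a client certificate is only as trustworthy as the chain verification behind it, the placeholder documentation should state that this value must not drive authorization or be forwarded as an identity header unless client-certificate verification is enforced.

```go
case strings.HasPrefix(field, "uids"):
	fieldName = "uids"
	// 0.9.2342.19200300.100.1.1 is the LDAP "uid" attribute (RFC 4519).
	// pkix.Name keeps every parsed subject attribute in Names, so no
	// standard-library patch is needed to read it.
	uidOID := asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 1}
	var uids []string
	for _, atv := range cert.Subject.Names {
		if !atv.Type.Equal(uidOID) {
			continue
		}
		if s, ok := atv.Value.(string); ok {
			uids = append(uids, s)
		}
	}
	fieldValue = uids
```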