Add client authentication to Web3Signer validators (#3170)

## Issue Addressed

Web3Signer validators do not support client authentication. This means the `--tls-known-clients-file` option on Web3Signer can't be used with Lighthouse.

## Proposed Changes

Add two new fields to Web3Signer validators, `client_identity_path` and `client_identity_password`, which specify the path and password for a PKCS12 file containing a certificate and private key. If `client_identity_path` is present, use the certificate for SSL client authentication.

## Additional Info

I am successfully validating on Prater using client authentication with Web3Signer and client authentication.
Peter Davies
2022-05-18 23:14:37 +00:00
parent 053625f113
commit 807283538f
25 changed files with 316 additions and 95 deletions

@@ -72,6 +72,16 @@ pub enum SigningDefinition {
/// The timeout is applied from when the request starts connecting until the response body has finished.
#[serde(skip_serializing_if = "Option::is_none")]
request_timeout_ms: Option<u64>,
/// Path to a PKCS12 file.
#[serde(skip_serializing_if = "Option::is_none")]
client_identity_path: Option<PathBuf>,
/// Password for the PKCS12 file.
///
/// An empty password will be used if this is omitted.
#[serde(skip_serializing_if = "Option::is_none")]
client_identity_password: Option<String>,
},
}
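
Review bot: `client_identity_password` is a plain `Option<String>` with `skip_serializing_if = "Option::is_none"`, so whenever it is set the PKCS12 password is serialized in cleartext next to `client_identity_path`. The doc comment should say so and tell operators to restrict permissions on wherever this definition is written, or the field should use a wrapper type that is zeroized on drop and redacted when formatted. The comment on `client_identity_path` ("Path to a PKCS12 file.") should also state that the file must contain the client certificate and private key used for TLS client authentication, as the commit message describes. Finally, nothing in this hunk ties the two fields together: a definition with `client_identity_password` set and `client_identity_path` omitted would deserialize without complaint and the password would be silently unused, so consider rejecting or warning on that combination when the definition is loaded.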