Add client authentication to Web3Signer validators (#3170)

## Issue Addressed Web3Signer validators do not support client authentication. This means the `--tls-known-clients-file` option on Web3Signer can't be used with Lighthouse. ## Proposed Changes Add two new fields to Web3Signer validators, `client_identity_path` and `client_identity_password`, which specify the path and password for a PKCS12 file containing a certificate and private key. If `client_identity_path` is present, use the certificate for SSL client authentication. ## Additional Info I am successfully validating on Prater using client authentication with Web3Signer and client authentication.
2026-03-14 18:32:42 +00:00 · 2022-05-18 23:14:37 +00:00
parent 053625f113
commit 807283538f
25 changed files with 316 additions and 95 deletions
--- a/validator_client/src/http_api/mod.rs
+++ b/validator_client/src/http_api/mod.rs
@@ -475,6 +475,8 @@ pub fn serve<T: 'static + SlotClock + Clone, E: EthSpec>(
                                    url: web3signer.url,
                                    root_certificate_path: web3signer.root_certificate_path,
                                    request_timeout_ms: web3signer.request_timeout_ms,
+                                    client_identity_path: web3signer.client_identity_path,
+                                    client_identity_password: web3signer.client_identity_password,
                                },
                            })
                            .collect();