[patch] Properly terminate line-endings in $ssl_client_cert
Matt Palmer
mp+nginx at hezmatt.org
Sun May 4 05:44:47 UTC 2014
The below patch is a small one, to make the common use-case for
$ssl_client_cert (including it in an HTTP request header)
protocol-compliant. Some receiving webservers don't like a plain '\n' in
the requests they receive.
I considered digging deeper to find a more "natural" place to ensure
protocol compliance, but then I figured that since we're *already* mangling
the "native" look of the PEM data (adding leading tabs), adding some '\r'
wasn't a huge further leap.
--- nginx-1.6.0.orig/src/event/ngx_event_openssl.c
+++ nginx-1.6.0/src/event/ngx_event_openssl.c
@@ -2615,7 +2615,7 @@ ngx_ssl_get_certificate(ngx_connection_t
for (i = 0; i < cert.len - 1; i++) {
if (cert.data[i] == LF) {
- len++;
+ len += 2;
}
}
@@ -2628,9 +2628,12 @@ ngx_ssl_get_certificate(ngx_connection_t
p = s->data;
for (i = 0; i < cert.len - 1; i++) {
- *p++ = cert.data[i];
if (cert.data[i] == LF) {
+ *p++ = '\r';
+ *p++ = '\n';
*p++ = '\t';
+ } else {
+ *p++ = cert.data[i];
}
}
- Matt
--
Judging by this particular thread, many people in this group spent their
school years taking illogical, pointless orders from morons and having their
will to live systematically crushed. And people say school doesn't prepare
kids for the real world. -- Rayner, in the Monastery
More information about the nginx-devel
mailing list