[patch] Properly terminate line-endings in $ssl_client_cert

Ruslan Ermilov ru at nginx.com
Mon May 5 09:56:37 UTC 2014


On Sun, May 04, 2014 at 03:44:47PM +1000, Matt Palmer wrote:
> The below patch is a small one, to make the common use-case for
> $ssl_client_cert (including it in an HTTP request header)
> protocol-compliant.  Some receiving webservers don't like a plain '\n' in
> the requests they receive.
> 
> I considered digging deeper to find a more "natural" place to ensure
> protocol compliance, but then I figured that since we're *already* mangling
> the "native" look of the PEM data (adding leading tabs), adding some '\r'
> wasn't a huge further leap.
> 
> --- nginx-1.6.0.orig/src/event/ngx_event_openssl.c
> +++ nginx-1.6.0/src/event/ngx_event_openssl.c
> @@ -2615,7 +2615,7 @@ ngx_ssl_get_certificate(ngx_connection_t
>  
>      for (i = 0; i < cert.len - 1; i++) {
>          if (cert.data[i] == LF) {
> -            len++;
> +            len += 2;
>          }
>      }
>  
> @@ -2628,9 +2628,12 @@ ngx_ssl_get_certificate(ngx_connection_t
>      p = s->data;
>  
>      for (i = 0; i < cert.len - 1; i++) {
> -        *p++ = cert.data[i];
>          if (cert.data[i] == LF) {
> +            *p++ = '\r';
> +            *p++ = '\n';
>              *p++ = '\t';
> +        } else {
> +            *p++ = cert.data[i];
>          }
>      }
>  

Better use macros CR and LF instead of '\r' and '\n'.
Otherwise, your patch looks good to me.

Please also see:
http://nginx.org/en/docs/contributing_changes.html



More information about the nginx-devel mailing list