[patch] Properly terminate line-endings in $ssl_client_cert
Ruslan Ermilov
ru at nginx.com
Mon May 5 09:56:37 UTC 2014
On Sun, May 04, 2014 at 03:44:47PM +1000, Matt Palmer wrote:
> The below patch is a small one, to make the common use-case for
> $ssl_client_cert (including it in an HTTP request header)
> protocol-compliant. Some receiving webservers don't like a plain '\n' in
> the requests they receive.
>
> I considered digging deeper to find a more "natural" place to ensure
> protocol compliance, but then I figured that since we're *already* mangling
> the "native" look of the PEM data (adding leading tabs), adding some '\r'
> wasn't a huge further leap.
>
> --- nginx-1.6.0.orig/src/event/ngx_event_openssl.c
> +++ nginx-1.6.0/src/event/ngx_event_openssl.c
> @@ -2615,7 +2615,7 @@ ngx_ssl_get_certificate(ngx_connection_t
>
> for (i = 0; i < cert.len - 1; i++) {
> if (cert.data[i] == LF) {
> - len++;
> + len += 2;
> }
> }
>
> @@ -2628,9 +2628,12 @@ ngx_ssl_get_certificate(ngx_connection_t
> p = s->data;
>
> for (i = 0; i < cert.len - 1; i++) {
> - *p++ = cert.data[i];
> if (cert.data[i] == LF) {
> + *p++ = '\r';
> + *p++ = '\n';
> *p++ = '\t';
> + } else {
> + *p++ = cert.data[i];
> }
> }
>
Better use macros CR and LF instead of '\r' and '\n'.
Otherwise, your patch looks good to me.
Please also see:
http://nginx.org/en/docs/contributing_changes.html
More information about the nginx-devel
mailing list