Fix for issue 857: RFC-7230 compliant forwarding of client certificates

Flemming Frandsen at
Thu Nov 24 13:15:17 UTC 2016

Hi, I've been bitten by issue 857:

I terminate TLS in nginx, but I need access to the full client certificate
in the backend, so to that end I've been using $ssl_client_cert, but now
I've upgraded the application to a version that is RFC 7230 compliant and
that means blowing up when multi-line headers are seen.

As there's no reason to have newlines in a PEM file, my fix for #857 is to
remove all the newlines, as my PEM parser in the application already
ignores all newlines this works perfectly for me.

I think simply removing the newlines is a much better solution than url
encoding the newlines as less code (in my case none at all) is needed to
deal with no newlines than urldecoding.

Flemming Frandsen - YAPH - -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: issue-857.patch
Type: text/x-patch
Size: 2595 bytes
Desc: not available
URL: <>

More information about the nginx-devel mailing list