Fix for issue 857: RFC-7230 compliant forwarding of client certificates

Flemming Frandsen dren.dk at gmail.com
Thu Nov 24 13:15:17 UTC 2016


Hi, I've been bitten by issue 857: https://trac.nginx.org/nginx/ticket/857

I terminate TLS in nginx, but I need access to the full client certificate
in the backend, so to that end I've been using $ssl_client_cert, but now
I've upgraded the application to a version that is RFC 7230 compliant and
that means blowing up when multi-line headers are seen.


As there's no reason to have newlines in a PEM file, my fix for #857 is to
remove all the newlines. As my PEM parser in the application already
ignores all newlines, this works perfectly for me.

I think simply removing the newlines is a much better solution than
URL-encoding the newlines, as less code (in my case none at all) is needed
to deal with no newlines than URL-decoding.

-- 
Flemming Frandsen - YAPH - http://osaa.dk - http://dren.dk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: issue-857.patch
Type: text/x-patch
Size: 2595 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20161124/7de7759b/attachment.bin>
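
The newline-stripped form described in the message above, as an added Python example that is not part of the original post or the attached patch: the proxy-side transformation and a backend parser that accepts only a single-line header value. The function names and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re

# Single-line PEM: armour lines directly adjacent to the base64 body.
ARMOR = re.compile(
    r"-----BEGIN CERTIFICATE-----([A-Za-z0-9+/]+={0,2})-----END CERTIFICATE-----"
)


def to_pem(der: bytes) -> str:
    """Conventional multi-line PEM: base64 body wrapped at 64 characters."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    ) + "\n"


def strip_newlines(pem: str) -> str:
    """Proxy side, as the message proposes: drop every CR and LF."""
    return pem.replace("\r", "").replace("\n", "")


def der_from_header(value: str) -> bytes:
    """Backend side: decode a forwarded certificate, refusing multi-line values."""
    if "\r" in value or "\n" in value:
        # A value spanning lines relies on header folding, which an
        # RFC 7230 compliant receiver may reject.
        raise ValueError("header value spans multiple lines")
    match = ARMOR.fullmatch(value)
    if match is None:
        raise ValueError("not a single-line PEM certificate")
    # validate=True rejects any character outside the base64 alphabet.
    return base64.b64decode(match.group(1), validate=True)


# Constructed placeholder bytes standing in for DER; not a real certificate.
SAMPLE_DER = bytes(range(200))
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    one_line = strip_newlines(SAMPLE_PEM)
    print(len(SAMPLE_PEM.splitlines()), "lines ->", len(one_line), "chars, one line")
    print("round trip ok:", der_from_header(one_line) == SAMPLE_DER)
```
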

