Fix for issue 857: RFC-7230 compliant forwarding of client certificates

Maxim Dounin mdounin at
Thu Nov 24 13:39:14 UTC 2016


On Thu, Nov 24, 2016 at 02:15:17PM +0100, Flemming Frandsen wrote:

> Hi, I've been bitten by issue 857:
> I terminate TLS in nginx, but I need access to the full client certificate
> in the backend, so to that end I've been using $ssl_client_cert, but now
> I've upgraded the application to a version that is RFC 7230 compliant and
> that means blowing up when multi-line headers are seen.
> As there's no reason to have newlines in a PEM file, my fix for #857 is to
> remove all the newlines, as my PEM parser in the application already
> ignores all newlines this works perfectly for me.
> I think simply removing the newlines is a much better solution than url
> encoding the newlines as less code (in my case none at all) is needed to
> deal with no newlines than urldecoding.

The problem with removing newlines is that it requires custom code 
to recover original PEM format.

Maxim Dounin

More information about the nginx-devel mailing list