Fix for issue 857: RFC-7230 compliant forwarding of client certificates

Maxim Dounin mdounin at mdounin.ru
Thu Nov 24 13:39:14 UTC 2016


Hello!

On Thu, Nov 24, 2016 at 02:15:17PM +0100, Flemming Frandsen wrote:

> Hi, I've been bitten by issue 857: https://trac.nginx.org/nginx/ticket/857
> 
> I terminate TLS in nginx, but I need access to the full client certificate
> in the backend, so to that end I've been using $ssl_client_cert, but now
> I've upgraded the application to a version that is RFC 7230 compliant and
> that means blowing up when multi-line headers are seen.
> 
> 
> As there's no reason to have newlines in a PEM file, my fix for #857 is to
> remove all the newlines; as my PEM parser in the application already
> ignores all newlines, this works perfectly for me.
> 
> I think simply removing the newlines is a much better solution than url
> encoding the newlines as less code (in my case none at all) is needed to
> deal with no newlines than urldecoding.

The problem with removing newlines is that it requires custom code 
to recover original PEM format.

-- 
Maxim Dounin
http://nginx.org/
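
The trade-off discussed in this thread, as an added example that is not part of the original messages or of nginx: the backend-side code needed to rebuild standard PEM from a header value whose newlines were removed, next to the single call needed when the value was URL-encoded instead. The function names are hypothetical and the sample "certificate" is constructed filler bytes, not a real certificate.

```python
import base64
import re
from urllib.parse import quote, unquote

# Constructed sample: arbitrary bytes in PEM shape, not a real certificate.
_DER = bytes(range(256)) * 2
_B64 = base64.b64encode(_DER).decode("ascii")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(_B64[i:i + 64] for i in range(0, len(_B64), 64))
    + "\n-----END CERTIFICATE-----\n"
)

# One PEM block with matching BEGIN/END labels; the body may or may not
# still contain whitespace.
_PEM_RE = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----([A-Za-z0-9+/=\s]+)-----END \1-----$"
)


def restore_stripped_pem(value: str) -> str:
    """Rebuild standard PEM from a header value whose newlines were removed."""
    m = _PEM_RE.match(value.strip())
    if m is None:
        raise ValueError("header value is not a single PEM block")
    label = m.group(1)
    body = re.sub(r"\s+", "", m.group(2))
    # Reject corrupt or truncated base64 before handing it to a PEM parser.
    base64.b64decode(body, validate=True)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return (
        f"-----BEGIN {label}-----\n"
        + "\n".join(lines)
        + f"\n-----END {label}-----\n"
    )


def restore_urlencoded_pem(value: str) -> str:
    """Recover the original PEM from a URL-encoded header value."""
    return unquote(value)


if __name__ == "__main__":
    stripped = SAMPLE_PEM.replace("\n", "")   # newline-removal approach
    encoded = quote(SAMPLE_PEM)               # URL-encoding approach
    print(restore_stripped_pem(stripped) == SAMPLE_PEM)
    print(restore_urlencoded_pem(encoded) == SAMPLE_PEM)
```

Both forms are single-line header values; the difference is only in how much code the receiving side needs to get back to a form that strict PEM parsers accept.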


