Fix for issue 857: RFC-7230 compliant forwarding of client certificates

Flemming Frandsen at
Mon Nov 28 09:20:28 UTC 2016

On Fri, Nov 25, 2016 at 12:58 PM, Maxim Dounin <mdounin at> wrote:

> Another possible approach might be to change $ssl_client_cert to
> use spaces (tabs?) instead of newline + tab.  This should be
> compatible with what most servers provide as a result of parsing
> multi-line header, and implies less changes.  This needs an
> additional investigation though.

Hi, I've found some more support for doing exactly this:

Any LWS that occurs between field-content MAY be replaced with a single SP
before interpreting the field value or forwarding the message downstream.

As far as I know LWS includes the newline-whitespace sequence.

It seems to me quite clear that any compliant interpreter of header values
should be insensitive to the switch from any amount of linear white space
ce to a single space within the header value.

Flemming Frandsen - YAPH - -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx-devel mailing list