Hello team,
We use nginx as reverse proxy to a upstream endpoint which requires a client cert authentication. The proxy is configured to request a certificate from the browser and then to set a header in the proxy location block like:
proxy_set_header SSL_CLIENT_CERT $ssl_client_escaped_cert;

The upstream server supports PEM with some restrictions:

1. Newlines should be replaced by space (or any whitespace)
2. Or alternatively only the base64 content in one row (no blanks) without BEGIN.. END CERTIFICATE sections

Manipulating the upstream server is not an option. It is not another nginx instance. Is it possible to rewrite the header before it is sent by replacing all %0d and %0a with space and URL decoding a few other characters like %2f?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx