Lyubenov, Branimir
July 13, 2020 10:00AM
Hello team,
We use nginx as reverse proxy to a upstream endpoint which requires a client cert authentication. The proxy is configured to request a certificate from the browser and then to set a header in the proxy location block like:
proxy_set_header SSL_CLIENT_CERT $ssl_client_escaped_cert;

The upstream server supports PEM with some restrictions:

1. Newlines should be replaced by space (or any whitespace)
2. Or alternatively only the base64 content in one row (no blanks) without BEGIN.. END CERTIFICATE sections

Manipulating the upstream server is not an option. It is not another nginx instance. Is it possible to rewrite the header before it is sent by replacing all %0d and %0a with space and URL decoding a few other characters like %2f?

nginx mailing list
Subject Author Posted

$ssl_client_escaped_cert forward client cert in URL encoded PEM only

Lyubenov, Branimir July 13, 2020 10:00AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 87
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready