Matt Palmer
May 04, 2014 01:46AM
The below patch is a small one, to make the common use-case for
$ssl_client_cert (including it in an HTTP request header)
protocol-compliant. Some receiving webservers don't like a plain '\n' in
the requests they receive.

I considered digging deeper to find a more "natural" place to ensure
protocol compliance, but then I figured that since we're *already* mangling
the "native" look of the PEM data (adding leading tabs), adding some '\r'
wasn't a huge further leap.

--- nginx-1.6.0.orig/src/event/ngx_event_openssl.c
+++ nginx-1.6.0/src/event/ngx_event_openssl.c
@@ -2615,7 +2615,7 @@ ngx_ssl_get_certificate(ngx_connection_t

for (i = 0; i < cert.len - 1; i++) {
if (cert.data[i] == LF) {
- len++;
+ len += 2;
}
}

@@ -2628,9 +2628,12 @@ ngx_ssl_get_certificate(ngx_connection_t
p = s->data;

for (i = 0; i < cert.len - 1; i++) {
- *p++ = cert.data[i];
if (cert.data[i] == LF) {
+ *p++ = '\r';
+ *p++ = '\n';
*p++ = '\t';
+ } else {
+ *p++ = cert.data[i];
}
}



- Matt

--
Judging by this particular thread, many people in this group spent their
school years taking illogical, pointless orders from morons and having their
will to live systematically crushed. And people say school doesn't prepare
kids for the real world. -- Rayner, in the Monastery

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[patch] Properly terminate line-endings in $ssl_client_cert

Matt Palmer 1172 May 04, 2014 01:46AM

Re: [patch] Properly terminate line-endings in $ssl_client_cert

Ruslan Ermilov 846 May 05, 2014 05:58AM

Re: [patch, take 2] Properly terminate line-endings in $ssl_client_cert

Matt Palmer 1640 May 05, 2014 07:36PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 312
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready