DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38876>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38876 Summary: SSL_CLIENT_CERT header bad format Product: Apache httpd-2 Version: 2.0.54 Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] It seems that the PEM-encoded certificate coming out of OpenSSL (0.9.8a in my case) contains new lines without leading space, which is interpreted as a new HTTP header. Even more important, the last empty line leads to 2 new lines without leading space, which is interpreted as the end of all HTTP headers. This could be fixed by removing all new lines in the PEM-encoded certificate, in ssl_engine_vars.c: static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs) { ... BIO_free(bio); + /* remove all new lines (CR & LF) */ + { + char *source, *target; + for ( source = target = result; *source; source++ ) { + if ( (*source != 0x0A) && (*source != 0x0D) ) *target++ = *source; + } + *target = NUL; + } return result; } Remark: the test if ( (*source != 0x0A) && (*source != 0x0D) ) could also be replaced by a more general one: if ( *source <= ' ' ) -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
