Package: pound Version: 2.7-1.3 When pound listens on an https connection it will forward client certificate in the X-SSL-certificate header. By default it will transfer the certificate in multiple lines as was allowed historically in http.
RFC7230 deprecates this behaviour and more and more http servers reject requests with such headers and return a 400 Bad Request error message. As discussed in the pound mailing list (http://www.apsis.ch/pound/pound_list/archive/2018/2018-04/1524178583000#1524337674000) pound is capable to send the X-SSL-certificate in a single line and thus conform to the RFC by compiling it using the --enable-cert1l option on configure. But one must specify this option, it is not the default. To conform to RFC7230 the pound package should be rebuilt using the —enable-cert1l option when doing the configure step. Thank you very much, claudio -- Claudio Nieder, Ruhestrasse 7, CH-8045 Zürich, Tel +4179 357 6743, www.claudio.ch