mike-jumper opened a new pull request, #1081:
URL: https://github.com/apache/guacamole-client/pull/1081
Ran into this as I write up and test the Apache HTTPD variation of the docs
for SSL SSO:
The Apache HTTPD implementation of URL escaping _does not encode plus
signs_, which Java's `URLDecoder` will decode as spaces. To avoid mangling
received certificates, we need to ensure any plus signs within received
certificates are preserved even if not encoded.
For Nginx, the configuration involves:
```nginx
proxy_set_header X-Client-Certificate $ssl_client_escaped_cert;
```
which adds the escaped client certificate to the request (with any plus
signs in that certificate also escaped). Meanwhile, with Apache HTTPD, we have
the slightly less friendly:
```apache
RequestHeader set X-Client-Certificate "expr=%{escape:%{SSL_CLIENT_CERT}}"
```
That `escape` function does not escape plus signs, leading to unnecessary
head/desk collisions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
