It seems that the PEM-encoded certificate coming out of OpenSSL (0.9.8a in
my case) contains newlines without leading space, which are interpreted as
new HTTP headers.
Even more important, the last empty line leads to 2 newlines without
leading space, which are interpreted as the end of all HTTP headers.

This could be fixed by removing all new lines in the PEM-encoded
certificate, in ssl_engine_vars.c:

static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
{
   ...
   BIO_free(bio);

+ /* remove all new lines (CR & LF) */
+ {
+  char *source, *target;
+  for ( source = target = result; *source; source++ ) {
+   if ( (*source != 0x0A) && (*source != 0x0D) ) *target++ = *source;
+  }
+  *target = NUL;
+ }

   return result;
}
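
Review bot: the copy loop at "*target++ = *source" also drops the line breaks that follow the BEGIN marker and precede the END marker, so result is no longer a PEM block a parser will accept as-is, and whoever reads the header has to restore the line structure. Because the stripping sits inside ssl_var_lookup_ssl_cert_PEM itself, every caller of this lookup gets the flattened form, not only the code that places the value in an HTTP header. Consider stripping at the point where the header value is built, or replacing each line break with a single space so the original line boundaries stay recoverable, and state the chosen format in the comment above the block.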


Remark: the test
  if ( (*source != 0x0A) && (*source != 0x0D) )
could also be replaced by a more general one:
  if ( *source <= ' ' )
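
An added example, not part of the original post or of mod_ssl: the CR/LF stripping described above as a standalone function, a check that a value cannot start a new header line, and the receiving side's re-wrap to 64-column PEM once the line breaks are gone. The function names and the sample certificate body are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"
/* Constructed sample, not a real certificate. */
const char SAMPLE_PEM[] = PEM_BEGIN "\n" "TUlJQ29uc3RydWN0ZWQ=\n" PEM_END "\n";

/* Sending side: copy src to dst without CR or LF; dst needs strlen(src)+1. */
size_t pem_flatten(const char *src, char *dst)
{
    size_t n = 0;
    for (; *src; src++)
        if (*src != '\r' && *src != '\n')
            dst[n++] = *src;
    dst[n] = '\0';
    return n;
}

/* Check before emitting: 1 if the value contains no CR or LF at all. */
int header_value_is_single_line(const char *v)
{
    return strpbrk(v, "\r\n") == NULL;
}

/* Receiving side: rebuild PEM from the flattened value; -1 on bad input. */
int pem_rewrap(const char *flat, char *dst, size_t dstlen)
{
    size_t blen = strlen(PEM_BEGIN), elen = strlen(PEM_END);
    size_t flen = strlen(flat), body, i, o;
    if (flen < blen + elen || strncmp(flat, PEM_BEGIN, blen) != 0 ||
        strcmp(flat + flen - elen, PEM_END) != 0)
        return -1;                       /* markers missing */
    body = flen - blen - elen;
    if (dstlen < flen + (body + 63) / 64 + 3)
        return -1;                       /* dst too small */
    o = (size_t)sprintf(dst, "%s\n", PEM_BEGIN);
    for (i = 0; i < body; i++) {
        dst[o++] = flat[blen + i];
        if (i % 64 == 63 || i == body - 1)
            dst[o++] = '\n';             /* 64 base64 chars per line */
    }
    sprintf(dst + o, "%s\n", PEM_END);
    return 0;
}

int main(void)
{
    char flat[sizeof SAMPLE_PEM], pem[sizeof SAMPLE_PEM + 8];
    pem_flatten(SAMPLE_PEM, flat);
    return !(header_value_is_single_line(flat) && pem_rewrap(flat, pem, sizeof pem) == 0);
}
```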

