You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/03/07 11:59:38 UTC
DO NOT REPLY [Bug 38876] New: - SSL_CLIENT_CERT header bad format
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38876>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38876
Summary: SSL_CLIENT_CERT header bad format
Product: Apache httpd-2
Version: 2.0.54
Platform: All
OS/Version: All
Status: NEW
Severity: blocker
Priority: P1
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: mstern@csc.com
It seems that the PEM-encoded certificate coming out of OpenSSL (0.9.8a in my
case) contains new lines without leading space, which is interpreted as a new
HTTP header.
Even more important, the last empty line leads to 2 new lines without leading
space, which is interpreted as the end of all HTTP headers.
This could be fixed by removing all new lines in the PEM-encoded certificate, in
ssl_engine_vars.c:
static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
{
...
BIO_free(bio);
+ /* remove all new lines (CR & LF) */
+ {
+ char *source, *target;
+ for ( source = target = result; *source; source++ ) {
+ if ( (*source != 0x0A) && (*source != 0x0D) ) *target++ = *source;
+ }
+ *target = NUL;
+ }
return result;
}
Remark: the test
if ( (*source != 0x0A) && (*source != 0x0D) )
could also be replaced by a more general one:
if ( *source <= ' ' )
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38876] - SSL_CLIENT_CERT header bad format
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38876>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38876
mstern@csc.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From mstern@csc.com 2006-03-22 14:48 -------
Solved in 2.2, in mod_headers
Backport available: http://people.apache.org/~jorton/mod_headers-2.0-ssl.diff
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org