Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1775

Setting header value to %{SSL_CLIENT_CERT} doesn't obey spec.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • 2.1.3.Final
    • Core
    • Hide

      Setup client certificate authentication for a https listener. Then reverse proxy requests with the above expression-filter included. 

      Show
      Setup client certificate authentication for a https listener. Then reverse proxy requests with the above expression-filter included. 

      Using an expression filter to set a header field with a value that contains newlines results in an invalid http request. An example is setting the SSL_CLIENT_CERT as in:

      {{ <expression-filter name="ClientCertHeader" }}
        expression="set(attribute='%{i,SSL_CLIENT_CERT}',
        value='%{SSL_CLIENT_CERT}')"/>

      The resulting http request doesn't include the line continuation sequence '\n\t' or '\n '. In the case of a reverse proxy the request is rejected by the proxied server.

              flaviarnn Flavia Rainone
              eclipseservices Victor Langelo (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: