Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1775

Setting header value to %{SSL_CLIENT_CERT} doesn't obey spec.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • 2.1.3.Final
    • Core
    • Hide

      Setup client certificate authentication for a https listener. Then reverse proxy requests with the above expression-filter included. 

      Show
      Setup client certificate authentication for a https listener. Then reverse proxy requests with the above expression-filter included. 

    Description

      Using an expression filter to set a header field with a value that contains newlines results in an invalid http request. An example is setting the SSL_CLIENT_CERT as in:

      {{ <expression-filter name="ClientCertHeader" }}
        expression="set(attribute='%{i,SSL_CLIENT_CERT}',
        value='%{SSL_CLIENT_CERT}')"/>

      The resulting http request doesn't include the line continuation sequence '\n\t' or '\n '. In the case of a reverse proxy the request is rejected by the proxied server.

      Attachments

        Activity

          People

            flaviarnn Flavia Rainone
            eclipseservices Victor Langelo (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: