Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1775

Setting header value to %{SSL_CLIENT_CERT} doesn't obey spec.

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 2.1.3.Final
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
    • Steps to Reproduce:
      Hide

      Setup client certificate authentication for a https listener. Then reverse proxy requests with the above expression-filter included. 

      Show
      Setup client certificate authentication for a https listener. Then reverse proxy requests with the above expression-filter included. 

      Description

      Using an expression filter to set a header field with a value that contains newlines results in an invalid http request. An example is setting the SSL_CLIENT_CERT as in:

      {{ <expression-filter name="ClientCertHeader" }}
        expression="set(attribute='%{i,SSL_CLIENT_CERT}',
        value='%{SSL_CLIENT_CERT}')"/>

      The resulting http request doesn't include the line continuation sequence '\n\t' or '\n '. In the case of a reverse proxy the request is rejected by the proxied server.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                flavia.rainone Flavia Rainone
                Reporter:
                eclipseservices Victor Langelo
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: