search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: c47d13d) | patch
Add some tolerance (RFC2616 sec. 19.3)
commitd5fbbf547203061b1eaafbe80c4538a37fce5a34
authorMishael A Sibiryakov <death@junki.org>
Thu, 20 Oct 2016 09:05:32 +0000 (20 12:05 +0300)
committerEric Wong <e@80x24.org>
Thu, 20 Oct 2016 17:39:11 +0000 (20 17:39 +0000)
tree1609758e298a21d921c4bd09f4c7da6e29eb4c66tree | snapshot (tar.gz zip)
parentc47d13d2c5ce75cca5ac11eda6d6a0e54015e711commit | diff
Add some tolerance (RFC2616 sec. 19.3)

Hi all.

We're implementing client certificate authentication with nginx and
unicorn. 

Nginx configured in the following way:

proxy_set_header X-SSL-Client-Cert $ssl_client_cert;

When client submits certificate and nginx passes it to the unicorn,
unicorn responds with 400 (Bad Request). This caused because nginx
doesn't use "\r\n" they using just "\n" and multilne headers is failed
to parse (I've added test).

Accorording to RFC2616 section 19.3:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.3

"The line terminator for message-header fields is the sequence CRLF.
However, we recommend that applications, when parsing such headers,
recognize a single LF as a line terminator and ignore the leading CR."

CRLF changed to ("\r\n" | "\n")

Github commit
https://github.com/uno4ki/unicorn/commit/ed127b66e162aaf176de05720f6be758f8b41b1f

PS: Googling "nginx unicorn ssl_client_cert" shows the problem. 
ext/unicorn_http/unicorn_http_common.rl diff | blob | blame | history
test/unit/test_http_parser.rb diff | blob | blame | history
Rack HTTP server for Unix, fast clients