[Bug 65169] New: Add escaped cert env variables

bugzilla Fri, 05 Mar 2021 09:56:06 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=65169


            Bug ID: 65169
           Summary: Add escaped cert env variables
           Product: Apache httpd-2
           Version: 2.4.46
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

A recent Tomcat change rejects all headers with a LF in the value. nginx has
added a ssl_client_escaped_cert which does simple URI encoding. Add HTTPd
equivalents of all variables which contain LFs. Here is the support for Tomcat:
https://github.com/apache/tomcat/pull/406

I consider at least these are affected:
* SSL_CLIENT_CERT
* SSL_CLIENT_CERT_CHAIN_n
* SSL_SERVER_CERT

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 65169] New: Add escaped cert env variables

Reply via email to