michael-o commented on a change in pull request #406:
URL: https://github.com/apache/tomcat/pull/406#discussion_r587564027
##########
File path: java/org/apache/catalina/valves/SSLValve.java
##########
@@ -137,7 +149,13 @@ public void invoke(Request request, Response response)
throws IOException, Servl
* separate lines, the CertificateFactory is tolerant of any
* additional whitespace.
*/
- String headerValue = mygetHeader(request, sslClientCertHeader);
+ String headerValue;
+ String headerEscapedValue = mygetHeader(request,
sslClientEscapedCertHeader);
+ if (headerEscapedValue != null) {
+ headerValue = URLDecoder.decode(headerEscapedValue, "ISO-8859-1");
Review comment:
No, URLDecoder does *not* decode URIs. It has been designed for HTML
forms only. Tomcat has a utility to do this properly. Moreover, it should be
either UTF-8 or better the encoding from the `server.xml`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
